Bonfy.AI shipped a major update to its Adaptive Content Security platform on September 18, 2025, planting deep hooks into Microsoft 365’s mail, SharePoint, identity, and governance layers. The release—Bonfy ACS v1.1—is built to spot and stop data leaks that slip past traditional DLP tools, especially those triggered by Microsoft Copilot’s appetite for enterprise content.
What just dropped
The core of the update is a set of native integrations that funnel real-time signals from across the Microsoft 365 stack into Bonfy’s AI-powered analysis engine. The platform now pulls from four mission-critical surfaces:
- Microsoft Mail (Exchange/Outlook): Inline or offline inspection of outbound, inbound, and internal messages. The system parses email bodies and attachments, flagging risky sends before they leave the building.
- SharePoint and OneDrive: Continuous streaming analysis of content at rest, triggered the moment a file changes or permissions shift. No more waiting for periodic scans—exposure windows shrink to near-zero.
- Microsoft Entra (formerly Azure AD): User and identity risk signals get correlated with content access events. A sudden download spree from an account with a low trust score raises an immediate red flag.
- Microsoft Purview: Automated sensitivity labeling and classification that feeds directly into Microsoft’s governance workflows. The platform respects existing Purview label inheritance and can apply its own remediation based on contextual analysis.
Bonfy is leaning hard on what it calls Entity Risk Management (ERM). Instead of looking at files in isolation, the platform scores people—employees, contractors, partners—based on their behavior, access patterns, and identity posture. That score then drives automated enforcement: a high-risk actor might get blocked from sharing a “Highly Confidential” document even if the policy would normally allow it.
On the detection front, the company claims its GenAI-powered engine delivers “10X more real-world risk scenarios” while cutting false positives dramatically. Those are vendor numbers, not third-party audits, but the architecture supporting them is worth a closer look. Rather than regex patterns or static fingerprints, Bonfy uses contextual models—semantic analysis that can catch a paraphrased customer list or an AI-generated summary dripping with financials, the kind of leaks that old-school DLP never sees.
What this means for you
The impact depends on where you sit.
For home users and small businesses: Not much, at least directly. Bonfy ACS is an enterprise platform priced and packaged for organizations with formal data governance needs. If you’re running a one-person shop on Microsoft 365 Business Basic, you’re not the audience. But the technology here matters indirectly: it signals where DLP is heading, and eventually consumer-grade protections (like Microsoft Defender’s family features) may borrow from the same playbook.
For IT and security admins: This is a tool worth putting on the evaluation shortlist if your org is either already using Microsoft Copilot or planning to roll it out. Native integration with Entra and Purview means you can layer Bonfy’s analytics over your existing label taxonomy and identity controls without starting from scratch. The real win is the streaming analysis on SharePoint and inline mail inspection—those shrink the gap between a risky action and a response, which matters when an AI assistant can summarize an entire month of board meeting notes in ten seconds.
For compliance officers and data protection teams: Automated labeling and GenAI-generated explanations for policy triggers are a boon for audit trails. When a user asks Copilot to “summarize the Q3 earnings call” and the system blocks it, you get a plain-English reason tied to a specific sensitivity label. That cuts the time spent arguing with business units about why access was denied.
For developers: The release underscores a growing reliance on Microsoft Graph and Purview APIs for third-party DLP. If you’re building internal tools that touch sensitive content, expect security teams to start demanding similar entity-level visibility into your apps.
How we got here
Microsoft Copilot adoption has forced a reckoning inside enterprise security teams. Since early 2024, when Copilot for Microsoft 365 went live, the productivity pitch has been undercut by a nagging fear: what if a well-meaning employee asks the AI to “write a memo about the Acme deal” and the model pulls in pricing tables or customer PII from a SharePoint site it shouldn’t have touched? Traditional DLP operates on pattern matching—social security numbers, credit card strings, keyword lists. Generative AI transforms and paraphrases content so effectively that static rules miss almost everything.
Microsoft has built its own safeguards. Purview can prevent Copilot from processing files labeled “Highly Confidential,” and Entra Conditional Access can block risky sign-ins. But those controls are binary; they don’t analyze intent, context, or the subtle semantic drift that makes an AI-generated draft dangerous without containing a single explicit keyword.
Bonfy is one of several vendors racing to fill that gap. The company’s previous platform versions focused on cloud app security broadly. This v1.1 release is a Microsoft-first play, reflecting the reality that for most large enterprises, Copilot risk isn’t theoretical—it’s daily.
What you can do right now
If Bonfy ACS v1.1 is on your radar, don’t just read the press release. Take these steps before committing to a proof-of-concept:
- Inventory your Copilot exposure. Map exactly which SharePoint sites, Teams channels, and Outlook mailboxes contain sensitive data that Copilot could potentially access. Tools like Microsoft Purview Content Explorer give you a head start.
- Review your Purview sensitivity labels. The platform works best when labels are current and accurately scoped. Audit label coverage across your M365 tenant—an unlabeled document is an unprotected document.
- Tighten Entra ID risk signals. Bonfy’s ERM depends on identity signals. Ensure Entra ID Protection is configured and that risky sign-in and risky user policies are enforced.
- Run a laser-focused PoC. Pick one high-stakes scenario—say, preventing Copilot from summarizing documents from a specific HR SharePoint library—and measure both detection accuracy and false positive rates. Demand that the vendor provide tuning guidance based on real traffic.
- Ask the hard questions. Where does customer content get processed? Does it leave your tenant’s region? Are models trained on your data? What are the data retention rules for logs and analysis artifacts? Get written answers backed by contractual terms, not slideware.
- Test latency impact on mail flow. If you opt for inline email inspection, measure the round-trip delay on test messages during peak hours. A DLP that slows mail delivery by more than a few seconds will torch your helpdesk with complaints.
- Plan for policy harmonization. If you already use Microsoft Purview DLP or Defender for Cloud Apps, run a side-by-side comparison. Overlapping rules can create conflicting actions—one policy blocks, another allows—and that confusion is worse than having no policy at all.
The road ahead
Bonfy’s move is a bellwether. DLP is pivoting from “content fingerprinting” to “contextual intelligence,” and Microsoft’s own Copilot governance roadmap will only accelerate that shift. Expect more vendors to announce similar native integrations, making M365-native DLP a crowded field. For now, security teams should watch how Bonfy’s ERM performs in real-world deployments, and whether third-party testing validates its bold detection claims. The next chapter of enterprise AI security won’t be written by marketing copy—it’ll be shaped by the SOC analysts staring at dashboards at 2 a.m., deciding whether to block or allow a Copilot-generated email. Tools that earn their trust will define the market.