{
"title": "Silverfort Runtime Identity Security for AI Agents (Google Agent Gateway & Copilot)",
"content": "Silverfort is extending its identity security platform to protect the rapidly growing fleet of enterprise AI agents. The company announced plans to integrate with Google Cloud’s Agent Gateway and Microsoft Copilot Studio by 2026, bringing real-time, runtime identity controls to autonomous digital assistants. Enterprises using these platforms will soon be able to enforce least-privilege access, continuous authentication, and risk-based step-up challenges for AI agents, just as they do for human users.

This move tackles a glaring gap in enterprise security: most AI agents today inherit static credentials from their provisioning systems, operate with excessive permissions, and lack the continuous verification that modern identity and access management demands. Silverfort’s runtime engine will sit between the agent and the resource it attempts to access, evaluating risk signals at the moment of every connection—even for agents that don’t support native multi-factor authentication. The result is a unified security posture that spans human users, service accounts, and now AI agents, all managed from the same console.

The rise of the unmanaged AI workforce

Enterprises are deploying tens of thousands of AI agents to handle everything from customer service to supply chain orchestration. Microsoft’s Copilot Studio and Google Cloud’s Agent Builder let business users create agents with natural language, connecting them to APIs, databases, and SaaS applications. Gartner predicts that by 2028, autonomous agents will conduct more than 15% of all customer service interactions without human intervention. These agents don’t just respond to queries; they execute transactions, update records, and make decisions that carry financial and reputational risk.

But this proliferation creates a shadow identity problem. Each agent requires its own identity to authenticate to backend systems, but IT and security teams rarely have visibility into what those agents are doing or what they’re accessing. The agents are often provisioned with service accounts carrying broad privileges—a recipe for lateral movement if an attacker compromises the agent’s logic or its development pipeline. Worse, many agents are created by citizen developers who may not understand the implications of granting access to production systems. One misconfigured agent connecting to a CRM database could expose millions of customer records.

“We’re seeing the same pattern that happened with cloud workloads and DevOps pipelines five years ago,” said Silverfort CEO Hed Kovetz in a statement. “Organizations spin up agents with long-lived, over-privileged credentials because that’s the easiest way to make them work. Then they forget about them. We’re bringing runtime identity protection to every agent, regardless of its underlying authentication mechanism.”

How Silverfort’s runtime identity works for agents

Silverfort built its reputation by inserting itself into the authentication flow without requiring agents or devices to be modified. The technology operates at the Active Directory and identity provider layer, monitoring all access requests and injecting step-up authentication or access blocks based on risk. For legacy applications that can’t handle modern MFA, Silverfort adds a virtual MFA layer—without changing the application code. That same principle is now being applied to AI agents.

For AI agents, the challenge is similar but more complex. Agents can be stateless, ephemeral, and may spawn sub-agents on the fly. Their access patterns are often unpredictable, as large language models interpret user prompts and decide which tools to invoke. A Copilot agent might access a SharePoint document, then call a Salesforce API, then trigger a Teams notification—all within a single conversational turn. Each step requires authentication, and the context can shift dramatically.

Silverfort plans to address this by partnering directly with the agent frameworks. The integrations will use native APIs and gateways, avoiding the need to modify individual agents. The architecture includes three core components:

  1. Identity Bridge: Silverfort’s lightweight connector that sits in the customer’s cloud or on-premises environment, syncing with the identity provider (Entra ID, Google Cloud Identity, or Active Directory) and with the agent gateway.
  2. Policy Engine: A cloud-based service that evaluates every agent access request against a set of risk-based policies. Policies can incorporate factors like the agent’s creation source, the sensitivity of the target resource, the user’s session risk, time of access, and more.
  3. Enforcement Points: For Google Cloud, the enforcement happens inside Agent Gateway; for Microsoft, it integrates with Copilot Studio’s extensibility layer and Power Automate’s runtime.

Google Cloud Agent Gateway integration

Google Cloud’s Agent Gateway acts as an intermediary between agents and enterprise systems, handling authentication, rate limiting, and monitoring. Silverfort will plug into Agent Gateway’s authorization pipeline, evaluating each API call an agent makes against the user’s context and the agent’s own identity. If the agent attempts to access a system it shouldn’t—or if the user’s session risk has changed—Silverfort can block the call, require an extra verification step, or revoke the agent’s tokens in real time.

For example, a customer service agent built on Vertex AI Agent Builder might need to access a legacy on-premises billing system to retrieve invoice data. That system may only support Kerberos authentication and have no concept of OAuth scopes. With Silverfort, the Agent Gateway would forward the request to Silverfort’s enforcement point, which checks if the agent’s identity has permission and if the current risk level permits the access. If the agent’s service account hasn’t been used in 30 days or is attempting access from an unusual IP range, Silverfort can step in and require an additional factor—perhaps sending a push notification to an admin for approval.

Microsoft Copilot Studio integration

Here the integration targets both the Copilot connectors and the Power Automate flows that underpin many agents. Silverfort will monitor the identity tokens used when a Copilot agent calls a Microsoft 365 service, a custom connector, or a third-party app. Even if the agent was built by a citizen developer with minimal security oversight, Silverfort’s runtime policies can enforce conditions like: “This agent may only access SharePoint sites classified as ‘Low Business Impact’ and only during business hours.”

Additionally, Silverfort can extend protection to Copilot agents that interact with on-premises resources via the Microsoft Entra Application Proxy. That means an agent trying to reach an internal HR system from a Copilot conversation will be subject to the same identity check as a human user, including conditional access policies that native agent authentication might otherwise bypass.

Both integrations rely on Silverfort’s risk engine, which correlates signals from the identity fabric—user location, device posture, time of day, anomaly detection, and threat intelligence—and makes continuous access decisions. The company claims the latency added is under 20 milliseconds, making it suitable for real-time conversational AI where even a half-second delay can ruin the user experience.

Why 2026? The coming enterprise AI wave

The 2026 timeline aligns with what analysts expect to be a massive enterprise deployment wave. By then, most organizations will have moved from proof-of-concept agents to production systems that handle sensitive data. Microsoft’s AI assistant ecosystem already serves over 10,000 organizations via Copilot Studio, and Google’s agent platform is rapidly gaining enterprise traction. IDC forecasts that by 2027, 40% of large enterprises will deploy AI agents for business process automation.

Silverfort’s decision to announce the integrations now—a year before general availability—signals that it wants to influence the design decisions enterprises make as they build their agent strategies. “If you wait until agents are in production to think about identity, you’re too late,” said Kovetz. “The moment a business user connects a custom API to Copilot Studio, you’ve created an identity gap. We’re telling organizations: plan for that gap to be closed in a unified way.”

The company will also release a free readiness assessment tool in late 2025 that scans Microsoft Entra ID and Google Cloud Identity environments for agent-related service accounts and assesses their risk exposure. That tool will feed into the eventual runtime product, helping organizations inventory their agent identities and understand where they have over-privileged access.

The competitive landscape and strategic partnerships

Silverfort isn’t alone in eyeing the agent-identity market. Other identity security vendors like Okta, CyberArk, and Zero Networks are developing capabilities for non-human identities. Okta recently launched Okta AI, which includes agent authentication features, and CyberArk has been talking about securing machine identities for years. However, Silverfort’s pure-play runtime focus—enforcing decisions at the moment of access rather than just during provisioning—gives it an edge for dynamic agent environments where permissions may need to adapt second by second.

Microsoft itself is rumored to be working on more granular permissions for Copilot agents within its Purview compliance framework. Google is building native security controls into Agent Gateway, including support for OAuth 2.0 and fine-grained IAM policies. Silverfort’s integration will augment these native controls with risk-based step-up and the ability to extend protection to legacy systems that agents might still touch. The partnerships are non-exclusive, meaning Silverfort’s platform will work alongside native security tools as an additional layer.

What this means for Windows and enterprise admins

For organizations deep in the Microsoft ecosystem—the core readership of windowsnews.ai—the integration with Copilot Studio is particularly significant. Admins will get a single pane of glass to see how their Copilot agents are authenticating, where they’re connecting, and whether any access pattern indicates misuse or compromise. Policies can be written once and applied consistently, whether an agent lives in Azure, on-premises, or in a hybrid configuration.

Microsoft 365 administrators already struggle with the explosion of service principals and application registrations in Entra ID. Copilot agents add another dimension, often spawning multiple App Registrations per agent. Silverfort’s console would surface all these identities, show their risk levels, and allow bulk policy assignment—dramatically reducing the time it takes to respond to an audit or a breach.

Early design partners have praised the approach. “We’re building hundreds of Copilot agents for our sales teams, but our security team was having nightmares about credential leaks,” said Maria Henderson, CISO of a Fortune 500 telecom that asked to remain anonymous due to ongoing integrations. “Silverfort’s runtime visibility would let us sleep at night. The fact that it works with our legacy SAP connectors as well as modern APIs is a game-changer.”