Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Copilot Studio vs Foundry in financial services: what changes?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Financial services teams are adopting Microsoft Copilot Studio and Foundry for AI agents, but Zenity’s analysis shows the governance problem is not platform choice alone: business-led low-code agents and technical mission-critical agents create different security and compliance pressures, especially around shadow AI, excessive privilege, and runtime enforcement. The decisive gap is governance that follows the agent lifecycle, not just the build platform.

NHIMG editorial — based on content published by Zenity: Considerations for Microsoft Copilot Studio vs. Foundry in Financial Services

By the numbers:

Questions worth separating out

Q: How should security teams govern business-built AI agents in low-code platforms?

A: Start with discovery, ownership, and access boundaries.

Q: Why do technical AI agents create higher privilege risk than simple workflow bots?

A: Technical agents usually integrate with multiple systems, so a single identity can accumulate broad delegated access across models, data sources, and tools.

Q: What do organisations get wrong about AI agent governance?

A: They often treat agent governance as a build-time review problem.

Practitioner guidance

What's in the full article

Zenity's full article covers the operational detail this post intentionally leaves for the source:

  • How Copilot Studio and Foundry differ in builder profile, agent scope, and deployment patterns
  • Examples of common financial services use cases, including onboarding, fraud-related automation, and regulatory workflows
  • The webinar context with Zenity, Microsoft, and Slalom, including the practical defense-in-depth themes discussed
  • The article's specific framing of visibility, policy enforcement, and lifecycle governance for agent programmes

👉 Read Zenity's analysis of Copilot Studio vs Foundry governance in financial services →

Copilot Studio vs Foundry in financial services: what changes?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Copilot Studio and Foundry are not one governance problem. Low-code business builders and technical agent developers create different identity risks, but both collapse into the same failure mode when organisations treat agent creation as a feature rollout instead of an access governance event. Financial services teams need to classify who can create agents, what those agents can reach, and which workflows become regulated when the agent goes live. The practitioner takeaway is that platform choice changes the shape of the control problem, not the need for control.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to SailPoint.

A question worth separating out:

Q: How should financial services teams decide between Copilot Studio and Foundry controls?

A: Do not choose controls by platform label alone. Decide by the agent’s user base, data access, integrations, and operational criticality. Low-code business agents need strict intake and visibility, while technical agents need deeper privilege review and runtime enforcement. The governance model should follow the risk profile, not the product category.

👉 Read our full editorial: Copilot Studio vs Foundry in financial services governance



   
ReplyQuote
Share: