TL;DR: AI is expanding identity footprints faster than human reviews can track, and Netwrix says organisations where that happened saw a 43% breach rate versus 11% where it did not. The governance problem is no longer visibility alone, but whether identity and data controls can keep pace with Copilot-era access sprawl and prove compliance quickly.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- Organizations where AI expanded the identity footprint saw four times the breach rate of those where it didn't, 43% versus 11%.
- Pricing starts at $22 per identity per year.
Questions worth separating out
Q: How should security teams govern AI assistants in hybrid Microsoft environments?
A: Security teams should govern AI assistants as inheriting access controls, not replacing them.
Q: Why do AI tools expose hidden identity risk so quickly?
A: AI tools expose hidden identity risk quickly because they can traverse the permissions already present in the environment at machine speed.
Q: What breaks when Microsoft identity permissions are not fully audited before AI rollout?
A: What breaks is the assumption that access is understood well enough to be safely reused by AI.
Practitioner guidance
- Audit inherited Copilot access paths Map which identities, groups, and connected data sources Copilot can reach before expanding rollout.
- Tie identity reviews to sensitive data discovery Use data classification and sensitivity dashboards to identify where privileged identities and high-value content intersect.
- Monitor configuration drift continuously Escalate changes in GPOs, Windows Server activity, and directory policy into the IAM review process as soon as they occur.
What's in the full announcement
Netwrix's full news coverage covers the operational detail this post intentionally leaves for the source:
- Plain-language briefing from Netwrix Neo on what changed in the environment and where to focus first
- The full set of 200+ PingCastle-powered checks across Active Directory and data sources
- Specific guidance on Copilot activity monitoring, GPO auditing, and Windows Server activity reporting
- Deployment and pricing details for organisations evaluating the 1Secure service model
👉 Read Netwrix's announcement on new AI governance capabilities for hybrid Microsoft environments →
Copilot governance in hybrid Microsoft environments: what changes now?
Explore further
AI governance in Microsoft environments is really inherited identity governance. Copilot and adjacent tools do not bypass the directory, they inherit it. That means whatever is overprivileged, stale, or unclassified in Microsoft identity and data estates becomes the AI access model by default. The implication is that organisations cannot govern AI rollouts separately from identity hygiene and data posture.
A few things that frame the scale:
- Systems with least-privileged AI access had a 17% incident rate versus 76% for over-privileged systems, according to the 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who should own AI identity and data governance in Microsoft environments?
A: Ownership should be shared across IAM, security operations, and data governance, with clear accountability for directory access, data classification, and monitoring. If those responsibilities sit in separate silos, AI adoption will outpace remediation. Governance works best when one team can see access, data exposure, and control drift together.
👉 Read our full editorial: Hybrid Microsoft identity governance for AI and Copilot rollouts