Cayosoft Guardian 7.2 expands Identity Threat Detection and Response and Automated Rollback for AI identities; Launches Expert-Led, Identity-First Incident Response Service.
Cayosoft, the undisputed leader in Microsoft hybrid Active Directory (AD), Entra ID, and Microsoft 365 management, monitoring, and recovery, today announced significant updates to its Cayosoft Guardian platform, ahead of the RSA 2026 Conference. Cayosoft Guardian will now bring AI agent identities into existing identity threat detection and response (ITDR) workflows, giving security teams visibility, reporting, alerting, and automated rollback, without adding another dashboard. Cayosoft also launched a new Identity Forensics & Incident Response (IFIR) service, a purpose-built incident response offering designed specifically for Microsoft hybrid identity environments to address the growing operational and security risks created by complex environments and the rapid rise of non-human identities.
“We’re living in the age of AI, where the number of non-human identities has rapidly increased to supplement human identities. This major shift in the identity landscape means our customers need a reliable platform that can monitor, manage and recover identities instantly,” said Bob Bobel, Founder and CEO of Cayosoft. “By adding support for AI identities in the Guardian platform, and by launching our new incident response services powered by Guardian, we’re re-affirming our commitment to innovation to meet and exceed our customers’ identity resilience needs.”
Cayosoft Guardian 7.2 Adds Monitoring & Detections for AI Identities
Non-human identities (NHIs) already outnumber human users in modern Microsoft ecosystems. The introduction of AI agents expands the identity attack surface even further through autonomous behavior, indirect permission assignment, and complex attribution. Many operate outside standard governance and monitoring practices, accumulating long-lived credentials, excessive permissions and unclear ownership that create security and compliance blind spots. Identity threat detection and response must therefore treat non-human identities as a core capability. With Cayosoft Guardian 7.2, expanded Change Monitoring for Microsoft Entra Agent ID entities helps security teams maintain visibility and control as agentic AI adoption accelerates, bringing agent-related changes into the same monitoring and investigation workflows used for users, groups and applications.
“As we deploy Microsoft agents, it’s critical that agent identities are governed just like any other identity,” said Hussein Alalawi, Senior Information Security Engineer of Auto Club Group. “With Cayosoft, we can see when agent identities are created, how permissions change, and exactly what actions they take—and we can roll those changes back if automation goes wrong. That’s what gives us confidence to run agentic AI at scale.”
Cayosoft Launches New Identity-First Incident Response Service
Powered by the Cayosoft Guardian Platform and delivered by Cayosoft’s identity security and incident response specialists, the Cayosoft Identity Forensics & Incident Response (IFIR) service delivers rapid detection, deep forensic reconstruction, and authoritative recovery across hybrid identity environments. Designed specifically for hybrid AD and Entra ID environments, Cayosoft provides expert-led dedicated identity investigation capabilities, immutable auditing and guaranteed recovery in minutes.
Specifically, Cayosoft’s IFIR capabilities include:
- Baseline evaluation of your Microsoft identity security, monthly check-ins to review remediation and prioritization, and yearly disaster recovery testing
- Real-time identity threat detection and alerting, including tracking attacker activity across hybrid AD and Entra ID
- Identifying patient zero and privilege escalation paths
- Reconstructing attack timelines using Guardian forensic replay
- Automated, authoritative rollback and remediation
- Guaranteed AD recovery in minutes via patented instant standby technology, restoring known-good identity baselines
- Applying controls to prevent ransomware reinfection
- Reducing incident recurrence through expert-led identity hardening
Cayosoft will be exhibiting at RSA 2026 in the Microsoft booth #5744 in the North Expo Hall at the Moscone Center. The company is hosting live demonstrations of its Guardian Platform and incident response service on Thursday, March 26th from 1-2pm PT.
To learn more about non-human identity change controls in Cayosoft Guardian, please visit https://www.cayosoft.com/blog/agent-identities-itdr-must-evolve/.
To learn more about Cayosoft’s Guardian platform, please visit https://www.cayosoft.com/products/guardian/.
To learn more about Cayosoft’s Identity Forensics & Incident Response Service, please visit https://www.cayosoft.com/identity-forensics-incident-response-service/.