Mimecast has expanded its Incydr data security platform to address the growing risk posed by AI agents in enterprise environments, as organisations accelerate AI adoption without commensurate security controls.

The governance gap

According to Mimecast, 80 percent of Fortune 500 companies now run active AI agents, yet only 14 percent have received full security approval. The company says AI agents are accessing and moving sensitive information through channels that traditional security tools were never designed to monitor — including Model Context Protocol (MCP)-connected workflows, commercial agents, user-built automations, and shadow AI tools.

Expanded Incydr capabilities

The updated Mimecast Incydr platform extends visibility beyond human users to include AI tools and autonomous agents. New capabilities include unified human and agent visibility across endpoints, cloud and SaaS applications, email, browser activity, and MCP connections; shadow AI and unsanctioned agent detection; adaptive risk scoring for both people and AI agents; and granular data-to-agent access mapping covering sensitive data categories such as customer PII, source code, and financial records.

Agent Risk Center preview

Mimecast also previewed a new Agent Risk Center at RSAC Conference 2026 in San Francisco. The tool consolidates AI agent risk into a single interface, with built-in agentic workflows that automate responses — from notifying users and escalating to managers through to enforcing controls and generating compliance reports. Features include an anomaly detection engine, department-level risk heatmaps, governance scorecards, and integrated remediation workflows.

“Who deployed the agent? What do we already know about them? How is data moving across email, collaboration tools, browsers, SaaS apps, endpoints, and AI-driven workflows — and what intervention is required right now? That’s a runtime data security problem, not a model problem.” — Rob Juncker, Chief Product Officer, Mimecast