Mastering the Modern Attack Surface: A Recap of Identity Security Insights Innovation in Q1

As the first quarter of 2026 came to a close, the identity landscape continued to evolve at breakneck speed, highlighting the BeyondTrust Identity Security Insights® team’s imperative to keep innovating and evolving our offerings. For us, the mission continues to be clear: providing unprecedented visibility and radical simplification. From the launch of our first AI security assistant, to deeper Active Directory visibility and regional expansions, we’re giving security teams the tools to move from reactive defense to proactive mastery.

Here is a comprehensive look at the major Identity Security Insights innovations delivered in Q1 2026.

Investigation fatigue is a real challenge for modern security teams, especially when it comes to finding anomalous activity related to identities and their entitlements. To combat this, we have introduced PathfinderAI, our new conversational assistant. Instead of manually digging through dashboards, you can now simply ask questions of your security data questions and get straightforward responses. With PathfinderAI, benefit from features such as:

• Natural Language Queries: Ask questions like "Who can access Global Admin?" and get a breakdown of accounts and access paths, prioritized by risk.

• Unified Provider Intelligence: Query data across Azure AD, AWS, and ServiceNow in a single exchange with PathfinderAI.

• Remediation Ready: PathfinderAI doesn't just find risks; it provides prioritized next steps for fixing them.

Note: Currently available as Early Access in the U.S. region.

We’ve rebuilt the Identity Security Risk Assessment (ISRA) from the ground up to provide a more structured, interactive analysis of your identity estate.

When you receive your assessment results, you will now be able to navigate seamlessly through a high-level overview, as well as breakdowns on overall security themes, an interactive True Privilege™ graph, and a tab for exploring all findings in a single location.

Additionally, access the Emerging Themes tab to get a deeper look at high-risk areas like AI agents and secrets management.

The assessment results also feature an interactive side panel. Click any row in your assessment to open the panel with full details—allowing for deep dives without losing your place in the assessment.

The Identity Security Risk Assessment is a high value feature within the Identity Security Insights product. Try it for free for 30 days, and when you purchase Insights, you’ll have the Identity Security Risk Assessment at your fingertips and continuously updated to help meet your compliance documentation needs.

We’ve also boosted Identity Security Insights’ discovery capabilities for privileges and Paths to Privilege™, further shining light into the dark corners of infrastructure where today’s attackers tend to hide.

• Active Directory Discovery: Insights now surfaces six new AD privilege paths, exposing "shadow admins" who have control over Certificate Authorities, domains, and OUs.

• Network Discovery: A separate discovery engine now allows you to scan endpoints and find local admins, SSH keys, and database users without additional products.

• Multi-Database Discovery: Uncover accounts that traditional identity security tools miss across multiple databases, including MS SQL, MySQL, and Oracle instances.

Cloud secrets are a stepping stone for an attacker to quickly pivot from one piece of your cloud environment and into many more. We’ve expanded Identity Security Insights coverage to help teams better manage identities across their multi-cloud environments and ensure no secret remains unmonitored.

• GCP Secret Manager: Insights now manages Google Cloud secrets, alongside existing AWS and Azure compatibility, complete with full hierarchical access analysis.

• AWS SSM Parameter Store: We can now model access relationships for SSM parameters, identifying insecure plaintext strings that should be encrypted.

• Secrets by Account: A new inventory view in Insights enables you to drill into individual access relationships and see exactly how an account reaches a secret—whether directly or through group inheritance.

As AI adoption grows, so does its risk. This quarter, we delivered 76 new detections and recommendations within Identity Security Insights, specifically for AI agents and platforms. These new findings cover widely used AI platforms such as Microsoft Copilot, AWS Bedrock, OpenAI, and more. Additionally, we now monitor auto-provisioned Bedrock users to catch unauthorized access keys and track bearer token calls.

New views for AI Tools and AI Datasets also allow you to track which specific functions and knowledge bases your agents can reach.

BeyondTrust introduced the Pathfinder MCP (Model Context Protocol) Gateway as an Early Access feature in Platform release 26.1. This release lets AI agents (VS Code copilots, custom chatbots, Cursor, Microsoft Security Copilot integrations, and more) connect directly and securely to your BeyondTrust environment through a single, authenticated endpoint.

This is a foundational capability release. The gateway is read-only, US-region only, and available on an opt-in basis. You can try it and opt out at any time. This release delivers the foundational platform capabilities for MCP access tokens, MCP Gateway/Proxy, Personal Access Tokens, and AI enablement controls.

A security tool is only effective if it is intuitive. We’ve overhauled Identity Security Insights’ interface to improve usability and keep your team in "the flow".

Now users can open multiple side panels simultaneously and drag the edges to customize their workspaces. They can also investigate access chains and privilege escalation paths directly within a side panel, without switching views.

Additionally, large graphs now use auto-grouping to maintain readability while preserving the ability to click and expand details.

To support our global customers, Insights is now officially available in the Australia and India regions. This expansion ensures your identity security data stays in-region to meet local data sovereignty and compliance requirements.

Q1 2026 has set a new standard for identity security, but we are just getting started. Whether you are an existing customer exploring the new PathfinderAI or a prospect looking to close the gaps in your AD and cloud security, there has never been a better time to get started with Identity Security Insights.

Stay secure, stay inspired.

For more details, visit the full changelogs at docs.beyondtrust.com.