Getting started · read-only

See and score every AI identity in a client tenant.

AIRM runs a read-only, agentless assessment through the Microsoft Graph API, a full inventory of every AI agent, Copilot, service principal and non-human identity, with a scored NHI Risk report. We recommend a Global Admin completes the one-time connection.

✓ Read-only Microsoft Graph✓ Agentless, nothing installed✓ Global Admin recommended for setup✓ Revoke anytime
Register free → How it works →
How it works

Register, add a tenant, get a scored report.

AIRM is a platform, not a one-click scan from this website. You create an account, add a client tenant and approve read-only access; AIRM does the rest. If it finds risk, you act on it with a local Sabiki partner (your existing IT provider if you have one).

1

Register

Create your free Sabiki platform account, no credit card.

2

Add a client tenant

Inside the platform, add the Microsoft 365 tenant you want to assess.

3

Grant read-only consent

Approve read-only Microsoft Graph access. We recommend a Global Admin completes this one-time connection, it’s GDAP-compatible and agentless, and AIRM can’t change anything.

4

AIRM assesses the tenant

It inventories every AI agent, Copilot, service principal and non-human identity, about 60 minutes.

5

Get your scored report

Your NHI Risk Score, findings and blast-radius, within 24 hours.

6

Act with a partner

If it finds risk, remediate with a local Sabiki partner (your existing IT provider if you have one) and, if you want, move to continuous monitoring.

What read-only access we request

Delegated, read-only Microsoft Graph scopes, inventory only, no changes. A Global Admin is recommended to approve the connection.

PermissionWhyAccess
Directory.Read.AllList users, apps & service principals (the non-human identities)READ
Application.Read.AllSee app registrations, agents & their granted scopesREAD
AuditLog.Read.AllSpot stale / unused credentialsREAD
What your report shows, illustrative sample
387
Non-human identities found
6
AI agents with high blast radius
61%
Over-permissioned
1 in 5
Belong to ex-vendors/staff
FindingDetailSev
Agent with mailbox + app-management rightsMail.ReadWrite + Application.ReadWrite.AllCRITICAL
Service principal, credential 2.3 yrs oldNever rotated; owner left the companyCRITICAL
14 app registrations, no ownerOrphaned after past integrationsHIGH

Discovery is a point-in-time snapshot. Behavioural signals & anomaly detection activate with AIRM Continuous (after a 7-day baseline).

Answers, instantly, no call needed

Everything a prospect self-checks before granting access.

The same knowledge base powers the Ask AIRM assistant (bottom-right).

Chat with Sabiki
Ask about NHI risk, pricing or the MSP programme
Hi 👋 Want your NHI Risk Score, or a question about deploying Sabiki? Ask away, or register free.
Free NHI Risk Score →
Prototype, vendor chat widget mounts here (e.g. Intercom Fin).