Insider Risk Management & Data Protection

    Incydr in 2025: A Year of Innovation and Enhanced Insider Risk Protection

    by Michael Bailey

    It’s time to reflect on a landmark year for Incydr and our customers. This year saw a relentless pace of innovation, aimed squarely at helping organizations stay ahead of evolving insider risks while ensuring efficiency for security teams. From AI-driven workflows to expanded exfiltration visibility and preventative controls, let’s take a comprehensive look at all the new features introduced to Incydr in 2025—grouped by the themes that matter most to your security outcomes.

    Agentic workflows & AI/ML: Intelligent automation for investigations

    Incydr doubled down on agentic workflows and AI/ML this year, bringing transformative new ways to streamline and enhance insider risk investigations. October saw the release of an AI-driven feature that automatically names, summarizes, and classifies previously uncategorized file exfiltration destinations. This not only enriches risk events with extra context but automates a critical investigative step, allowing analysts to focus on what matters most.


    The Incydr MCP Server allows customers to bring their own large language models (LLMs) and query Incydr in plain English for faster, more effective investigations

    The Incydr MCP Server empowers security teams to bring their own LLM—integrating models like ChatGPT or Claude to query alerts and events in plain English, add business context, get AI-generated summaries, and receive actionable recommendations to close cases or proactively improve security. This first-to-market MCP Server dedicated to insider risk is designed to slash investigation times and ensure compliance by letting analysts upload policies and instantly check event alignment. We’re excited to share more AI innovations in 2026, so stay tuned as big announcements are coming soon.

    Exfiltration visibility and inspection: seeing (and stopping) more than ever

    Incydr offers quick glimpses of common use cases like unsanctioned AI use – broken down by tool. Analysts can do deep dives on incident details and see exactly what data is moving where.

    Visibility is the bedrock of effective insider risk management—and Incydr pushed the boundaries in 2025. The year began with new detection capabilities for DeepSeek GenAI activity, complete with dashboard visualizations and risk indicators. By February, Incydr introduced 30 new risk indicators for specific AI tool destinations, keeping organizations protected as generative AI adoption soared.

    Throughout the year, Incydr delivered a steady stream of enhancements: detection of credentials in source code, improved visibility of email attachments in our email detectors, and optional regular expressions added to content inspection—which now includes UK, South African, and Canadian PII. For our Incydr Gov customers, we added support for OneDrive and O365 GCC High environments.

    Analysts can now filter and investigate cloud storage download events, monitor pasted content to untrusted destinations, and leverage new SharePoint detection capabilities built into the OneDrive detector. Workflow improvements for getting to the right information fast abound, with custom dashboards for risk scenarios and new alert settings to reduce noise. Incydr’s exfiltration visibility and content inspection have never been more powerful or user-friendly.

    Preventative controls: Universal, flexible, and seamless

    Incydr’s Tenant Wide Controls allow proactive blocking of specific use cases across the environment as a last-step measure to stop data exfiltration. Administrators can block uploads, pasting, sources, apps, private browsing, mountable media, and more.

    Preventing data loss proactively became easier and more effective with Incydr in 2025. The Tenant Wide Controls feature, launched in November, enables security admins to enforce USB, personal cloud, and upload restrictions organization-wide—eliminating manual watchlist management and reducing policy gaps. Earlier, Incydr extended watchlist exclusions to groups and departments, making it simple to apply controls broadly while handling exceptions gracefully. 

    Block by Source, introduced in July as an early access program, empowers organizations to surgically block exfiltration from their crown jewel data sources—without imposing blanket restrictions that hamper productivity.

    But keeping your employees informed can reduce risk, like it did for one customer who cut data exfiltration by 36% in just 4 months using our 70+ Incydr Instructor lessons, which offer helpful in-the-moment nudges. They’re now available in 18 languages, further strengthening your global human firewall.

    Human risk integration: Seamless access across the Mimecast Platform

    Mimecast’s Human Risk Management platform helps secure your organization more effectively by connecting the dots between humans and technology. SSO is available from Mimecast AdCon to Incydr, and Incydr data exfiltration events are used in scoring.

    Recognizing that insider risk is as much about people as it is about technology, Incydr made important strides in human risk integration. September’s launch of single sign-on from Mimecast AdCon to Incydr means customers now enjoy seamless navigation between Cloud Gateway and Incydr, using existing credentials for a frictionless admin experience. This integration marks a key milestone in Mimecast’s evolution toward a unified human risk management platform. Today customers can use data exfiltration events from Incydr to more accurately score human risk in the Human Risk Command Center.

    Supporting modern deployments: Intune, new browsers, and more

    To ensure security keeps up with IT realities, Incydr simplified agent deployment via a new Intune lab, making it straightforward for Windows environments to roll out protection at scale. Browser coverage expanded with the beta of our Firefox extension. And new enhancements to the SDK, CLI, and REST APIs ensure organizations can automate and orchestrate Incydr controls as part of their broader security ecosystem. Security teams can now bulk deactivate endpoint agents, making large-scale environment changes easier to handle.

    Looking ahead: Building on a year of momentum

    2025 was a banner year for Incydr and the organizations that rely on it to manage insider risk. From game-changing AI integrations and expansive exfiltration coverage to universal preventative controls and seamless platform integration, Incydr’s advancements this year have set a new standard for both capability and usability. As we look forward to 2026, Mimecast remains committed to helping our customers stay one step ahead of insider risk management—delivering innovations that make security simpler, smarter, and more effective for the road ahead.

    Hope is not a plan: See your organization’s insider risk

    The Incydr product tour lets you see the interface and key functionality, and gives you a preview of what to expect before your custom Proof of Value in your environment.

    When we hear from new prospects who don’t have an insider risk program in place, they usually ask, “How bad could it be?” Unfortunately, even with the best employees, insider risk is extremely common. Have no fear, though: you can see what you’re missing by checking out our product tour, no form-fill required, or work with our insider risk specialists to get your own Proof of Value in your environment. Thank you for joining us on this journey. Here’s to another year of raising the bar!
