Insider Risk Management & Data Protection

    Mimecast spring launch

    Incydr Data Protection gets smarter, simpler, and more flexible

    by Michael Bailey

    Key Points

    • Mimecast's new Incydr MCP Server lets security analysts investigate insider risk events using natural language through whichever AI tool they already use—Claude, ChatGPT, CoPilot, or others—avoiding vendor lock-in and integrating with existing security stacks.
    • The new Mihra Investigation Agent is a purpose-built AI that automatically triages and prioritizes alerts, enriches events with contextual understanding, and provides summarized recommendations—helping analysts cut through alert fatigue and work more efficiently.
    • New "Block by Destination" and "Block by Source" capabilities let organizations move beyond monitoring to real-time prevention, surgically stopping data exfiltration to high-risk sites or from sensitive internal sources without disrupting legitimate productivity.

     

    
    
    
    
    

     

    Protecting the human layer of security—on your terms

    The numbers don’t lie: 68% of breaches involve a human element. The insider risk landscape has shifted dramatically as shadow AI usage accelerates, data creation and movement is supercharged, and tech-savvy users try to hold onto sensitive IP and source code. Security teams are drowning—fragmented tools, alert fatigue, and manual workflows are slowing them down when speed matters most. CISOs need better visibility and management tools for human risk.

    This spring, Mimecast is delivering a wave of Incydr enhancements designed to change that equation. Everything in this launch is anchored around three principles that our customers told us matter most: freedom of choice, simplicity, and efficacy.

    To learn about enhancements across all of Mimecast’s solutions, join us for a webinar on March 17.

    Freedom of choice: your tools, your AI, your way

    CISOs and their teams have invested heavily in their software stack. The last thing they need is another vendor forcing them to rip and replace what’s already working. Mimecast’s approach is different: we connect your existing security investments—email, endpoint, identity, SIEM, SOAR, and more—into a unified approach regardless of your tooling.

    Bring your own AI with the Incydr MCP Server

    The new Model Context Protocol (MCP) Server is the embodiment of this philosophy. Built on an open standard, the MCP Server lets analysts investigate events using natural language through Claude, ChatGPT, CoPilot, or any MCP-enabled LLM of their choice—no proprietary lock-in required.

    With Incydr’s MCP Server Integration, you can upload documents like acceptable use policies to see policy violations, and get detailed reporting or CISO-style executive summaries generated automatically using the power of LLMs.

    What does that look like in practice? An analyst can query Incydr data conversationally, asking plain-English questions about alerts, understanding whether events fall outside of uploaded acceptable use policies, and receiving AI-powered recommendations—all without learning complex query languages or navigating unfamiliar interfaces. CISOs and security leadership can get answers fast and generate executive reports without burdening their team.

    The MCP Server is available now in early access for all Incydr customers at no additional cost. It’s included in all Incydr SKUs, reinforcing our commitment to delivering value without hidden licensing requirements.

    Simplicity: cut through the noise with AI-powered investigation

    CISOs need to help their teams operate effectively and efficiently as their teams work across multiple threat vectors and alert types. Security analysts investigate hundreds—sometimes thousands—of alerts each month. They struggle to determine which alerts to prioritize, lack context to speed resolution, and often need guidance on next steps. Alert fatigue isn’t just an inconvenience; it’s a security risk.

    The Mihra Investigation Agent for Incydr

    Enter the Mihra Investigation Agent—the first dedicated AI agent in Mimecast Incydr, purpose-built by Incydr experts. This is a dedicated, in-house LLM tailored specifically for Incydr’s data.

    A sample event analyzed by Mihra, which combines historical, user, department, and organizational patterns with risk indicators to identify the event as a “True Positive” with recommended next steps.

    The Mihra Investigation Agent transforms investigations in three critical ways: triaging to prioritize alerts that demand human investigation, contextual understanding to enrich events, and summarized overviews and recommendations for long-term efficacy.

    The result? Operational efficiency that eliminates the complexity, time, and experience traditionally needed to find, enrich, and act on investigations. 

    The Mihra Investigation Agent enters early access in March 2026 for all customers, with general availability planned for Q3 2026. Reach out to your account team to get access. And this is just the beginning—Mihra Configuration and Detection agents are planned for the coming quarters, extending agentic AI across more Incydr workflows.

    Efficacy: shift from detection to protection with Adaptive Controls

    Monitoring is essential. But when you can see sensitive data heading to a dangerous destination in real time, you need the power to stop it—without grinding business productivity to a halt. That’s exactly what Incydr’s new Adaptive Controls deliver.

    Block by Destination: targeted prevention where it counts

    Not all untrusted destinations are created equal. Organizations face thousands of third-party sites employees interact with, but only a handful are “obviously bad”—unsanctioned shadow AI tools, known exfiltration sites, or destinations that should never receive company data.

    With Block by Destination, specific sites or categories of sites can be blocked entirely, or users can self-select why they need to move data with the fully-auditable “Temporary Allow” option, shown above from the user’s perspective.

    Block by Destination enables targeted, real-time blocking of exfiltration to these high-risk destinations—up to 10,000 specific websites and categories identified by Incydr’s built-in AI classification capabilities—without disrupting legitimate business operations. Key capabilities include tailored controls that can be applied to specified users, near-instantaneous enforcement even when endpoints are offline, user transparency via browser notifications, and comprehensive audit trails.

    This eliminates the productivity-versus-security trade-off that has plagued traditional DLP. You’re not over-blocking everything; you’re surgically stopping data movement to the destinations that truly pose a threat.

    Block by Source: protect data based on where it came from

    If you asked your CISO how much your most valuable data is worth, chances are the answer would easily be in the millions. Organizations also need the ability to protect data based on its origin—not just its destination. Files from financial systems, engineering repositories, HR databases, and executive folders carry inherent sensitivity, regardless of who’s moving them.

    Incydr tracks file origins, allowing you to prevent exfiltration of high-value data to any untrusted destinations.

    Block by Source adds this critical dimension of control. It works by tracking data lineage—identifying where files originated—and applying preventative policies that automatically block any file from designated high-value sources when users attempt to upload or share it with untrusted destinations.

    What makes this approach powerful: real-time protection of sensitive data before it reaches untrusted destinations, risk-aligned security that aligns with business needs, false-positive avoidance using a targeted approach, and transparency with clear notifications and comprehensive audit trails.

    Critically, these preventative controls are optional and complement existing adaptive controls like education—letting organizations match security intensity to actual business risk without sacrificing productivity. With Block by Source and Block by Destination, organizations can now choose monitoring-only and add granular prevention based on their risk appetite.

    The bigger picture: integrated human risk protection

    Each of these capabilities is powerful on its own. Together, they represent a shift in how organizations manage human risk.

    Mimecast Incydr is built to deliver freedom of choice, simplicity, and efficacy with unmatched visibility from day 1, a wide range of adaptive controls, and a choice of powerful agentic AI to streamline workflows.

    Mimecast delivers AI-powered risk correlation of all data movement from day one to make insights actionable while reducing overhead—with built-in agentic AI capabilities that save teams time, adaptive controls that prevent data loss without blocking productivity, and an open platform philosophy that meets customers where they are.

    • Freedom of choice. Bring your own AI, enhance your existing investments, and integrate on your terms.
    • Simplicity. Let AI handle the triage, the context, and the recommendations—so your team focuses on what truly matters.
    • Efficacy. Move from detection to protection with adaptive controls that reduce risk without stifling productivity.

    See all the enhancements across the Mimecast portfolio.

    Understand your data security posture with a complimentary Proof of Value

    Get a complimentary 30-day Proof of Value and better understand your data security posture. This structured program is run by Incydr experts and ideal for organizations that need to enhance their visibility, balance collaboration with protection, and stay on top of the fast-changing world of work.

     
