Sabiki was founded by engineers and executives who spent decades inside the organisations that set the standard for enterprise cybersecurity β and saw firsthand the gap that AI agents and non-human identities were about to create.
Sabiki was founded in 2021 by a team of cybersecurity engineers and executives with over 30 years of combined experience working at and with organisations that define the industry β companies that appear year after year in Gartner Magic Quadrant reports across multiple security categories.
We didn't start with AIRM. Our first product, Sabiki Email Security, proved that proprietary AI models could outperform legacy solutions at detecting and predicting phishing β validating our core belief that machine learning applied to Microsoft 365 data produces meaningfully better security outcomes.
As we built BEC protection into Sabiki Email Security by layering in human identity signals, we kept encountering the same unguarded threat surface: non-human identities. AI agents, service principals, and automated accounts operating with broad permissions and zero governance. The more we looked, the larger the problem became. AIRM was the answer.
In 2025, we consolidated our engineering operations entirely in Australia β a deliberate decision driven by our commitment to privacy-first development, proximity to the regulatory environment shaping AI governance, and the depth of Australia's security engineering talent.
You cannot govern what you cannot see. Before any alert, any score, any compliance report β AIRM starts by showing you exactly what is in your environment. No assumptions. No approximations. A complete, accurate inventory of every identity, from day one.
A security tool that only sees the present is of limited value. AIRM is designed to get smarter with every scan β building behavioural baselines, tracking change over time, and detecting anomalies that only become visible when you understand what normal looks like. History is a security asset.
AI agents are new. The governance frameworks for them are still being written. We believe that in this environment, response actions should be human-initiated β always. AIRM surfaces findings and provides guidance. Your team makes the call. That's not a limitation. It's a principle.
Sabiki is incorporated as a co-headquartered security software company. The founding team β engineers and executives with backgrounds at Gartner Magic Quadrant-recognised security organisations β sets out to build the identity monitoring tool they wished existed at their previous organisations.
Our first product, Sabiki Email Security, is built and launched. Using a proprietary AI detection engine, we demonstrated that machine learning models could more accurately identify and predict phishing attempts than legacy rule-based solutions β a thesis that proved out in production. This work gave us deep, hands-on experience building AI models that operate on Microsoft 365 data at scale.
As Sabiki Email Security matured, we began cross-pollinating it with human identity metrics to provide better Business Email Compromise (BEC) protection β understanding not just the email, but who sent it and what access they had. In doing so, we kept encountering the same blind spot: non-human identities. Service principals, AI agents, and automated accounts with broad permissions, no owners, and no governance. The threat surface was enormous and almost entirely unmonitored. Research on AIRM begins.
Development operations consolidate fully in Australia. We formalise our privacy-first philosophy as a foundational commitment β not a marketing position. Data sovereignty options, read-only architecture, and the principle that customer data is never used for third-party purposes become explicit engineering constraints, not optional features.
AIRM goes live. The platform monitors AI agents and non-human identities in Microsoft 365 environments for MSPs and direct enterprise customers across Asia-Pacific, Europe, and beyond β with coverage for EU AI Act, DORA, ISO 42001, Essential Eight, and 7 additional compliance frameworks built in from day one.
In 2025 we made a deliberate decision to formalise privacy as an engineering constraint β not a compliance checkbox. Every feature we build, every data flow we design, every third-party integration we consider is evaluated against a single question: does this respect the customer's right to control their own data?
A security platform that handles sensitive Microsoft 365 tenant data has an obligation to treat that data with the same care it asks its customers to apply to the identities in their environments. We hold ourselves to that standard.
AIRM never writes to your Microsoft 365 environment without explicit, per-action consent from an authorised user. Read-only is not a limitation β it is the architecture.
Enterprise customers can specify the Azure region where their data is stored β Singapore, Australia, EU, UK, or anywhere Microsoft Azure operates globally. We put data residency in your hands.
We do not sell customer data. We do not use customer data for advertising. We do not share tenant security data with third parties beyond what is necessary to deliver the service.
AIRM is hosted on Microsoft Azure β SOC 2 Type II attested, ISO 27001 certified, with AES-256 encryption at rest and TLS 1.2+ in transit across all data paths.
When you disconnect a tenant or close your account, your data is deleted within 30 days. No hidden retention, no repurposing. Your data leaves when you do.
Connect your first Microsoft 365 tenant in minutes. No agents, no complex setup, no credit card.