Pathix diffs every scan against the last, so the privilege that appeared overnight, the writer that showed up on a field, the role the platform quietly widened, all surface before they become an incident. And the questions you field all day, who can write this, what touches that, are thirty-second answers off the same scan.
Every scan is compared against the one before it: new and removed writers, source changes, and security deltas down to a single privilege grant or a role that moved from Local to Global. The most valuable part is the part you can't get anywhere else. It catches the changes you didn't make. When Microsoft auto-grants a new custom role a stack of SharePoint privileges you never set, Pathix shows you. The role editor won't, because it only shows the current state, never how it got there.
It is a deterministic diff of one scan against the next, no AI and no inference. The highest-confidence thing Pathix can tell you: this exists now, and it didn't before.
Search a column and Pathix opens its Touchpoints: one list of everything that writes it (plugins, workflows, flows, form scripts, canvas apps) and everything that reads it, ranked by salience so the most graph-prominent edges sit on top. Every edge carries a confidence tier and names the component it came from, so you click straight through instead of opening assemblies one at a time. The classic writers-and-dependents split is still one tab over, as Split view.
This maps what canwrite a field, and what changed between scans. It does not read the audit log to name who wrote a specific value at runtime; that stays Dataverse auditing's job. What it does is narrow the suspects from everything to the few components that could have.
With AI on: AI-derived edges surface the dynamic and late-bound writes static parsing can't prove on its own, each one labeled and coupled to its evidence.
Salience ranks the fields and components that stand out in the graph, noisiest first, never a risk ranking. Each hotspot opens as something you can act on: see why it surfaced (fan-in, sensitivity, an adjacent finding, unresolved edges), then mark it noted, dig in, or set it not relevant, assign it, and leave a reason. Every step lands in an activity log. There is no fix to close, because a hotspot is awareness, not a verdict.
Ask it from the user: who is this person, and what can they actually reach, resolved across every role and team they belong to. Or ask it from the field: who can write this, across all the principals that can, and the path each one takes to get there. The catch usually hides in the path, the user who still has write access through a team nobody thought to audit.
FROM THE USER · WHAT CAN THEY TOUCHFROM THE FIELD · WHO CAN TOUCH ITWith AI on: hand the incident to an agent over the Pathix MCP and it traces who can reach the field and how, while you read the answer.
Pathix surfaces which columns are field-secured and which profiles actually grant access to them, including the gap that quietly breaks things: a field secured with no profile granting read, so it's invisible to the people who are supposed to see it. It accounts for the System Administrator bypass correctly, so what you see is real exposure, not a false alarm.
Every scan runs a security audit against the real customization graph: a privileged role shared between a human and an integration account, a disabled user that still holds its roles, an application user that can write to the security model. Each finding is ranked, assigned, and tracked from open to mitigated, with a decision log that is audit-grade by the time anyone asks.
The full security workbench: the console, every finding, and the trend →
A 30-minute walkthrough on a pre-scanned demo environment. No access to your tenant, nothing to install.