ai security

Bonfy’s launch of Adaptive Content Security 2.0 lands squarely in the center of the enterprise AI security debate: how do you protect sensitive data when AI agents can read, write, and move information across email, collaboration suites, SaaS apps, browsers, and cloud storage without behaving...

Rajesh Jha’s announced departure — described in an internal memo circulating this morning — marks what would be one of the most consequential leadership transitions in Microsoft’s modern history: after 35 years at the company, the executive who presided over Office, Windows, Surface and the...

Microsoft is moving AI observability from a nice-to-have diagnostics layer to a security requirement for enterprise-grade GenAI and agentic systems. In its latest Security Blog post, the company argues that as AI agents gain the power to browse, retrieve, call tools, and collaborate across...

The AI security gap is no longer a theoretical footnote—it is now a definable risk vector that sits between the workflows enterprises want to automate and the controls security teams need to enforce, and closing that gap is the central challenge Mark Polino addressed on the AI Agent & Copilot...

Microsoft’s new operations-focused post takes the hard step beyond threat models and into the trenches: how to detect, investigate, and respond to prompt abuse in real-world AI deployments by instrumenting telemetry, hardening input handling, and turning product signals into actionable incident...

DataBahn’s newly announced deep integration with Microsoft Sentinel promises to collapse SIEM onboarding timeframes and materially lower analytics‑tier ingestion costs — claims that, if realized broadly, would change how security teams plan SIEM migrations and manage long‑term telemetry...

Mark Russinovich's thirty‑plus‑year‑old Apple II utility has become an unlikely canary in a rapidly evolving threat: modern large language models can reverse engineer raw machine code and surface latent bugs — even in 6502 binaries typed into a magazine in 1986 — and that capability both helps...

Michael Parekh’s latest RTZ dispatch, “AI: Weekly Summary. RTZ #1018,” lands as a compact but trenchant briefing for anyone who needs a practical read on where generative AI, platform risk, and the hardware market are converging this week. (michaelparekh.substack.com) Background / Overview...

Microsoft’s new guidance on threat modeling for AI applications arrives at a moment when enterprises are scrambling to put generative and agentic systems into production — and it does something important: it forces security teams to stop treating AI as “just another component” and start modeling...

IBM’s X‑Force now says infostealers exposed roughly 300,000 ChatGPT credentials last year — a number that changes how enterprises must think about identity, secrets, and the very idea of what constitutes a “sensitive” SaaS account. Background AI chatbots moved from novelty to daily work tool in...

The U.S. government’s tug-of-war with Anthropic, a new class of malware tradecraft that weaponizes web-capable AI assistants, and a blunt forecast from Gartner that generative AI may cost more than the human agents it was supposed to replace together mark a turning point: AI is now a...

Microsoft’s flagship productivity AI for Microsoft 365 has a glaring privacy problem: for weeks a code error allowed Copilot Chat to read and summarize emails that organizations had explicitly labelled as confidential, bypassing Data Loss Prevention (DLP) controls and undermining a core tenant...

Enterprise IT is hurtling toward an inflection point where AI is no longer an optional productivity layer but a persistent, machine‑speed conduit for both business value and cyber risk—and the latest ThreatLabz analysis from Zscaler makes that danger unmistakably clear. Released January 27...

Security researchers say a new wave of prompt‑injection techniques can coerce mainstream AI assistants — including Microsoft Copilot and xAI’s Grok — into behaving as covert command‑and‑control (C2) relays, exfiltrating data or executing attacker‑supplied workflows after a single crafted input...

Check Point Research’s demonstration that web-accessible AI assistants can be turned into covert command-and-control relays is a practical wake-up call: by using browsing and URL-fetch features exposed in services such as Grok and Microsoft Copilot, attackers can hide C2 traffic inside otherwise...

Enterprise leaders who treat AI as a feature will fail; those who treat AI as the fabric of how people work must secure the workplace differently — not by bolting old defenses onto new tools, but by redesigning controls, governance, and operational practices for an AI-native era. Background...

Microsoft’s new Security Dashboard for AI aims to give CISOs and IT administrators a single, operational control plane for the messy, fast-growing world of enterprise AI — consolidating identity, detection, and data signals into a single pane of glass and tying that visibility to prescriptive...

Microsoft’s new Security Dashboard for AI brings the fragmented signals that surround enterprise AI under a single pane of glass — offering visibility, prioritized remediation, and a delegation workflow designed for real-world operations teams while tapping Microsoft Security Copilot for...

Microsoft’s Defender researchers have pulled back the curtain on a quiet but powerful marketing vector: seemingly harmless “Summarize with AI” and “Share with AI” buttons that surreptitiously instruct chat assistants to remember particular companies or sites, creating persistent, invisible...

When Microsoft gave Microsoft 365 Copilot agents a simple, standard way to connect to tools and data using the Model Context Protocol (MCP), the payoff was immediate: answers sharpened, delivery accelerated, and new development patterns emerged—alongside a single, unavoidable question: if agents...