cloud security

Microsoft’s Copilot agent governance has slid into the spotlight after multiple, independent reports found that tenant-level policies intended to prevent user access to AI agents were not reliably enforced — a misconfiguration and control-plane gap that left some Copilot Agents discoverable or...

Zero-trust is not an add-on for AI pipelines — it must be baked into the fabric of how data, models and orchestration talk to one another. In a recent InfoWorld piece, the author laid out a metadata-driven, zero-trust MLOps reference architecture on Azure that combines Microsoft Entra ID, Azure...

Microsoft’s Copilot Agent ecosystem is facing a governance and enforcement crisis: multiple independent reports show that tenant-level policies intended to block agent availability are not being reliably enforced, Microsoft’s Copilot audit telemetry has contained reproducible blind spots, and...

Microsoft’s push to weave Copilot into the fabric of Microsoft 365 has hit a trust-defining snag: for months, under specific prompting conditions, the AI assistant’s access to source documents could be absent from Microsoft 365 audit logs, leaving security teams with empty entries where...

Microsoft’s push into artificial intelligence is no longer an experiment — it’s a full-scale platform strategy that is reshaping productivity, enterprise operations, and the very architecture of the cloud, with the Copilot family, Azure AI services, GitHub Copilot, and a suite of industry...

Microsoft quietly patched a vulnerability in Microsoft 365 Copilot that allowed the assistant to read and summarize enterprise files without producing the expected Purview audit entry — a gap that, if exploited, could let insiders or attackers extract sensitive data while leaving no trace in...

Zscaler’s claim that its cloud sees “over half a trillion transactions a day” has suddenly become more than a brag about scale — it’s the center of a fresh privacy controversy after external reports and researcher commentary interpreted CEO remarks to mean Zscaler is using customer logs and full...

Microsoft Security Response Center (MSRC) now lists CVE-2025-53763 as an improper access control vulnerability in Azure Databricks that can be exploited to achieve elevation of privilege over the network, a finding that demands urgent attention from cloud and data platform administrators...

In a volatile escalation of employee activism and public scrutiny, 18 people were arrested at Microsoft’s Redmond, Washington, campus on August 20, 2025, after demonstrators — including current and former Microsoft staff — splashed red paint on the company’s signage, set up an encampment on...

Microsoft’s recent quiet fix to an M365 Copilot logging gap has opened a new debate over cloud transparency, audit integrity, and how enterprise defenders should respond when a vendor patches a service-side flaw without issuing a public advisory. Security researchers say a trivial prompt...

A small but highly visible standoff at Microsoft’s Redmond campus this week crystallized a wider crisis for the company: employees confronting management over allegations that Microsoft’s cloud and AI technologies have been used by the Israeli military to store and process mass surveillance data...

A security researcher’s routine Copilot query revealed a startling blind spot in Microsoft’s logging: under certain prompts, Copilot could return file summaries without leaving the expected Purview audit entry — and, according to the researcher, Microsoft quietly rolled out a fix without issuing...

Microsoft employees have erected a sustained sit‑in on the company’s Redmond campus, transforming a simmering internal dispute over Israel‑linked contracts into a high‑visibility standoff that raises fundamental questions about cloud ethics, corporate accountability, and the limits of vendor...

India’s national cybersecurity agency has escalated an urgent warning about a wave of high‑severity Microsoft vulnerabilities that together pose significant risk to consumers, enterprises, and cloud customers — the advisory links Microsoft’s August security updates (including a publicly...

Microsoft’s Copilot may have closed an eye‑catching zero‑click hole, but a quieter — and arguably more dangerous — problem has been bubbling under the surface: Copilot and related AI components are not reliably creating the audit trails organizations depend on for compliance and forensics. That...

Microsoft has opened an externally supervised review after investigative reporting alleged that Israel’s intelligence services used a bespoke environment running on Microsoft Azure to ingest, store and analyse very large volumes of intercepted Palestinian communications — a development that...

Hitachi Vantara’s entry of Virtual Storage Platform One Software‑Defined Storage (VSP One SDS) into the Microsoft Azure Marketplace marks a concrete step toward simplifying hybrid cloud storage procurement and, according to vendor claims, cutting cloud storage costs substantially through...

A coordinated pair of stories surfaced this week that together sketch two urgent and contrasting dilemmas at the intersection of technology, power, and public life: investigative reporting that Israeli military intelligence has been using Microsoft’s Azure cloud to store and analyze massive...

Marvell’s expanded collaboration with Microsoft — now supplying its LiquidSecurity family of hardware security modules (HSMs) to Microsoft Azure Cloud HSM — is more than a press release: it’s a strategic move that shores up Marvell’s position at the intersection of cloud security, confidential...