Microsoft’s own documentation and recent reporting make a blunt admission: the new agentic AI capabilities arriving in Windows 11 introduce novel security risks that can — if mismanaged — lead to data theft or automated malware installation, and Microsoft is explicitly gating these features...
A deceptively simple diagram turned into a conduit for data theft: security researcher Adam Logue disclosed an indirect prompt‑injection chain that coaxed Microsoft 365 Copilot to fetch private tenant data, hex‑encode it, and hide it inside a Mermaid diagram styled as a fake “Login” button — a...
Microsoft 365 Copilot was briefly weaponized by a clever indirect prompt‑injection chain that turned Mermaid diagrams — the lightweight text-to-diagram tool now supported across Microsoft’s Copilot-enabled experiences — into a covert data‑exfiltration channel, allowing an attacker to have tenant...
GitHub Copilot Chat was quietly turned into an exfiltration channel by a newly disclosed flaw, dubbed CamoLeak, that let attackers hide prompts in pull requests and smuggle private data out of repositories using GitHub’s own image proxy — a potent reminder that integrating AI into development...
A new wave of security reports says ordinary employees are quietly turning generative AI into an unexpected exfiltration channel — copy‑pasting financials, customer lists, code snippets and even meeting recordings into ChatGPT and other consumer AI services — and the result is a systemic blind...
Speaker Mike Johnson’s announcement at the Congressional Hackathon that the U.S. House will begin a staged pilot giving thousands of House staffers access to Microsoft Copilot marks a dramatic reversal of last year’s ban and opens a high‑stakes test of how a legislative body adopts generative AI...
access control
ai governance
ai in government
audit logs
azure government
congressional ai
copilot
dataexfiltration
data residency
data security
dod impact level
fedramp
gcc high
microsoft copilot
privilege
procurement
rbac
The House of Representatives has quietly moved from prohibition to adoption: according to an Axios briefing shared with reporters, the House will begin rolling out Microsoft Copilot for members and staff as part of a broader push to modernize the chamber and integrate artificial intelligence...
ai adoption
ai governance
ai in government
ai in office
ai modernization
audit logs
auditability
auditing
azure government
azure openai
cao
cao-security-guidance
capitol security
cloud security
cloud tenancy
congress
congress ai pilot
congress ai policy
congressional staff
congressional tech
congressional-hackathon
constituent services
contract terms
copilot
copilot rollout
cyber policy
cybersecurity
dataexfiltration
data governance
data residency
data security
data-records
digital government
digital modernization
dod-il
enterprise ai
federal
fedramp
foia
gcc high
generative ai
governance
governance and compliance
government
government cloud
govtech
gsa
gsa onegov
house
house of representatives
human in the loop
immutable logs
independent audit
inspector general
legislative action
legislative technology
microsoft
microsoft 365
microsoft copilot
non-training
non-training clause
non-training clauses
onegov
oversight
pilot program
policy
policy transparency
privacy
procurement
public sector ai
public trust
rbac
records management
records retention
red team testing
regulatory compliance
security
security controls
staff productivity
tenancy
transparency
us house
workflow automation
The U.S. House of Representatives is moving from prohibition to pilot: beginning this fall, a limited rollout will make Microsoft Copilot available to Members of Congress and a subset of House staffers under a one‑year pilot that promises “heightened legal and data protections,” expands access...
ai governance
ai in government
audit logs
certification
constituent services
cybersecurity
dataexfiltration
data security
fedramp compliance
governance
house copilot pilot
legislative drafting
microsoft 365
microsoft copilot
public sector ai
risk management
third-party assessments
vendor lock-in
workflow modernization
Australia’s small businesses face a sharp security cliff this month as Microsoft ends mainstream support for Windows 10, and researchers warn that a parallel surge in AI‑enabled attack techniques is widening the window of opportunity for criminals — a risk compounded by many organisations...
ai governance
ai security
ai tools
australian smbs
copilot echoleak
copilot zero click
dataexfiltration
echoleak
enterprise ai
llm security
patch management
privacy
prompt injection
smb security
windows 10 end of support
windows 10 esu
windows 11 upgrade
Australia faces a sharpened cyber‑risk horizon as Microsoft prepares to stop mainstream support for Windows 10 on October 14, 2025, at the same moment hackers are being handed increasingly powerful tools — and a new HP–Microsoft study warns many small and medium businesses are making themselves...
ai governance
ai risks
australian smbs
copilot echoleak
cve-2025-32711
dataexfiltration
device replacement
end of support
enterprise ai
esu
esu enrollment
extended security updates
hardware refresh
ransomware
smb security
windows 10
windows 10 end of support
windows 10 esu
windows 11 migration
Zenity’s expanded integration with Microsoft Copilot Studio embeds inline, real‑time attack prevention directly into Copilot Studio agents, promising step‑level policy enforcement, data‑exfiltration controls, and telemetry for enterprises that want to scale agentic AI without surrendering...
Zenity’s expanded integration with Microsoft Copilot Studio promises to bring native, inline attack prevention into the execution path of enterprise AI agents, positioning runtime enforcement and step-level policy controls as the new baseline for safe agent deployment at scale.
Background /...
Zenity’s expanded partnership with Microsoft plugs real-time, inline security directly into Microsoft Copilot Studio agents — a move that promises to make agentic AI safer for widespread enterprise use while raising new operational and architectural questions for security teams. The...
Microsoft’s Copilot for Microsoft 365 was supposed to make AI agents safer to run at enterprise scale; instead, recent reports show a control-plane failure that left some agents discoverable and installable despite tenant-level policy locks—forcing administrators into time-consuming, per-agent...
Microsoft quietly patched a vulnerability in Microsoft 365 Copilot that allowed the assistant to read and summarize enterprise files without producing the expected Purview audit entry — a gap that, if exploited, could let insiders or attackers extract sensitive data while leaving no trace in...
A security researcher’s routine Copilot query revealed a startling blind spot in Microsoft’s logging: under certain prompts, Copilot could return file summaries without leaving the expected Purview audit entry — and, according to the researcher, Microsoft quietly rolled out a fix without issuing...
Microsoft’s Copilot may have closed an eye‑catching zero‑click hole, but a quieter — and arguably more dangerous — problem has been bubbling under the surface: Copilot and related AI components are not reliably creating the audit trails organizations depend on for compliance and forensics. That...
Popular generative‑AI browser assistants can and do sweep up deeply personal data from ordinary web sessions — including health records, bank details and even social‑security numbers — and forward that content to remote servers where it can be tracked, profiled and reused in ways most users...
Zenity Labs’ Black Hat presentation unveiled a dramatic new class of threats to enterprise AI: “zero‑click” hijacking techniques that can silently compromise widely used agents and assistants — from ChatGPT to Microsoft Copilot, Salesforce Einstein, and Google Gemini — allowing attackers to...
AVEVA's PI Integrator for Business Analytics has been the subject of a coordinated security disclosure that identifies two authenticated, yet remotely exploitable, vulnerabilities which could permit file upload of dangerous types and the disclosure of sensitive output data — issues that demand...
aveva pi integrator
cisa icsa-25-224-04
credential leakage
critical infrastructure
cve-2025-41415
cve-2025-54460
dangerous file types
dataexfiltration
hdfs targets
ics security
insertion of sensitive information
network segmentation
ot security
patch management
pi integrator for business analytics
sensitive data
text file targets
unrestricted file upload
wdac allowlisting