Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Microsoft 365 E7 and the Rise of AI Agents: What Security Leaders Need to Know

For years, enterprise security focused on protecting users, endpoints, applications and data. Today another identity is entering the enterprise. AI agents. Unlike traditional chatbots that simply answer questions, modern AI agents can perform tasks on behalf of users. They can search corporate knowledge, summarize documents, create reports, interact with business applications and, with appropriate permissions, execute multi-step workflows.

Day in the Life of an Incident Responder: Following the Evidence

Incident response doesn’t always start with a dramatic alert or a perfectly framed timeline. More often, it starts with uncertainty. Something feels off. An executive notices unusual activity in their inbox. A user reports a login they don’t recognize. Suspicious emails have been sent. Data may or may not have been accessed. The facts are incomplete, the questions are piling up, and the pressure is already building.

Why Traditional Incident Response Retainers Leave CISOs Exposed (and Money on the Table)

I have lost count of the post-incident reviews where the most painful conversation was not about the breach itself. It was about the retainer. A CISO realizes the prepaid hours expired six weeks before the intrusion began. A General Counsel discovers the retained firm is not on the cyber insurance panel and the claim is now in dispute. A board member asks why an organization that paid for "preparedness" spent the first eighteen hours of an incident negotiating scope.

Connecting Custom Agents to Microsoft Agent 365 with the SDK [Part 2]

In Part 1, we covered onboarding Microsoft-native agents and SaaS AI platforms — the paths that need configuration, not code. Now we look at connecting agents that have no native integration — self-built frameworks and agents you build and run yourself. If an agent is missing from the M365 admin center inventory and the import-agents feature doesn’t support it, then the Microsoft Agent 365 SDK may be needed.

Monitoring Agents and SaaS AI Platforms with Microsoft Agent 365 [Part 1]

Agent usage is exploding and in Microsoft 365, agents aren’t monitored by default. Even though it’s early days for tools that can monitor agents, Microsoft’s newly released Agent 365 evolves this new category with some powerful capabilities. Here are some tips for using Microsoft Agent 365 and related tools to monitor agents. Solutions discussed in this post: This is part 1 of a two-part series.

AI Is Reshaping Cyber Risk Faster Than Most Boards Realize

Artificial Intelligence is no longer a future cybersecurity concern. It is actively reshaping how attacks are conducted, how organizations respond, and how business leaders must think about enterprise risk. While much of the conversation around AI has focused on productivity and innovation, threat actors are already leveraging AI to make cyber-attacks faster, more scalable, more convincing, and increasingly difficult to detect.

More Security Tools Rarely Mean Faster Detection

Organizations continue investing heavily in cybersecurity tools, yet many security operations centers (SOCs) still struggle with alert fatigue, investigative delays, and inconsistent response outcomes. The issue is not necessarily a lack of technology. In many environments, it is the opposite. As security stacks expand, operational complexity often expands with them.

CISO's Corner - 6 Observations from Gartner SRM 2026

Artificial Intelligence continued to dominate the conversation, and content, but the key theme throughout the Gartner Security & Risk Management experience was a little bit more subtle. This year, CISOs from all across the globe came to connect, learn, and explore with peers, vendors, and Gartner, navigating individual and business resilience challenges.

What OMB M-26-14 Means for Your Agency and Where to Focus Now

OMB M-26-14 introduces a significant change in how federal agencies approach logging, monitoring, and incident response. Rather than emphasizing volume and retention of log data, the memo centers on how effectively agencies can use telemetry to support detection, investigation, and response across the full threat lifecycle. For cybersecurity leaders, the implication is clear: logging is now closely tied to operational performance.

Day in the Life of a Red Teamer: Thinking Like the Adversary

There’s a persistent myth about red team operators: that the job is all zero-days, glowing terminals, and cinematic “I’m in” moments. The reality is more interesting and far more human. A day in the life of a red teamer is less about chasing flashy exploits and more about understanding how real people, real systems, and real environments fail under pressure.