惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
L
LINUX DO - 最新话题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Forbes - Security
Forbes - Security
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
Jina AI
Jina AI
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News and Events Feed by Topic
V
V2EX
Stack Overflow Blog
Stack Overflow Blog
Engineering at Meta
Engineering at Meta
PCI Perspectives
PCI Perspectives
Martin Fowler
Martin Fowler
T
The Exploit Database - CXSecurity.com
F
Full Disclosure
WordPress大学
WordPress大学
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
SegmentFault 最新的问题
P
Privacy International News Feed
IT之家
IT之家
M
MIT News - Artificial intelligence
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Check Point Blog
美团技术团队
Security Latest
Security Latest
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
MyScale Blog
MyScale Blog
H
Help Net Security
宝玉的分享
宝玉的分享
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
The Cloudflare Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
Intezer
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
I
InfoQ
N
News | PayPal Newsroom
TaoSecurity Blog
TaoSecurity Blog

VentureBeat

Anthropic says it hit a $30 billion revenue run rate after 'crazy' 80x growth OpenAI voice models get GPT-5-class reasoning Vibe coding exposed 380,000 corporate apps — 5,000 held sensitive data AI agent identity: how to govern agentic AI in 6 stages Anthropic wants to own your agent's memory, evals, and orchestration — and that should make enterprises nervous Enterprise GPU utilization: why 95% of AI infrastructure spend is wasted Governance, not gatekeeping: How SAP brings enterprise‑grade safety to AI connectivity Anthropic introduces "dreaming," a system that lets AI agents learn from their own mistakes RL orchestration: how a 7B model routes tasks across GPT-5, Claude, and Gemini Meet ZAYA1-8B, a super efficient open reasoning model trained on AMD Instinct MI300 GPUs Anthropic Skill scanners passed every check. The malicious code rode in on a test file. Why AI breaks without context — and how to fix it Market research is too slow for the AI era, so Brox built 60,000 identical 'digital twins' of real people you can survey instantly, repeatedly The app store for robots has arrived: Hugging Face launches open-source Reachy Mini App Store with 200+ apps Scaling AI into production is forcing a rethink of enterprise infrastructure Miami startup Subquadratic claims 1,000x AI efficiency gain with SubQ model; researchers demand independent proof. GPT-5.5 Instant shows you what it remembered — just not all of it One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it AI agents are missing all the discussions your team is having. SageOX has an answer: agentic context infrastructure OpenAI turns its sold-out GPT-5.5 party into a monthlong Codex giveaway for 8,000 developers Inside AMEX’s agentic commerce stack: How intent contracts and single-use tokens enforce AI transactions The RAG era is ending for agentic AI — a new compilation-stage knowledge layer is what comes next Salesforce Agentforce Operations fixes workflows breaking enterprise AI MCP command execution flaw: what security teams need to know The scaffolding era is over. LlamaIndex says context is the new moat xAI launches Grok 4.3 at an aggressively low price and a new, fast, powerful voice cloning suite Hidden IT problems are quietly creating risk, shadow IT, and lost productivity Alibaba's HDPO cuts AI agent tool overuse from 98% to 2% One tool call to rule them all? New open source Python tool Runpod Flash eliminates containers for faster AI dev Why OpenAI's 'goblin' problem matters — and how you can release the goblins on your own AI coding agents breached: attackers targeted credentials, not models | VentureBeat Writer launches AI agents that can act without prompts, taking on Amazon, Microsoft and Salesforce Netomi raises $110 million as Accenture and Adobe bet on AI for customer service Cheaper tokens, bigger bills: The new math of AI infrastructure Amazon’s OpenAI gambit signals a new phase in the cloud wars — one where exclusivity no longer applies Enterprise RAG rebuild: hybrid retrieval adoption tripled in Q1 2026 IBM launches Bob with multi-model routing and human checkpoints to turn AI coding into a secure production system AWS Quick's knowledge graph creates an orchestration blind spot Why enterprise GPU utilization is stuck at 5% — and why the fix makes it worse Definity embeds agents inside Spark pipelines to catch failures before they reach agentic AI systems How to build custom reasoning agents with a fraction of the compute American AI startup Poolside launches free, high-performing open model Laguna XS.2 for local agentic coding Mistral AI launches Workflows, a Temporal-powered orchestration engine already running millions of daily executions Microsoft and OpenAI gut their exclusive deal, freeing OpenAI to sell on AWS and Google Cloud Open source Xiaomi MiMo-V2.5 and V2.5-Pro are among the most efficient (and affordable) at agentic 'claw' tasks AI framework autonomously outperforms human-designed R&D baselines Why supply chains are the proving ground for automation‑led iPaaS RAG precision tuning can quietly cut retrieval accuracy by 40%, putting agentic pipelines at risk Enterprises are obsessing over model accuracy while ignoring the infrastructure layer where AI systems actually break. Monitoring LLM behavior: Drift, retries, and refusal patterns CVSS vulnerability triage: 5 failures, 5 fixes DeepSeek-V4 arrives with near state-of-the-art intelligence at fraction of the cost of Opus 4.7, GPT-5.5 85% of enterprises are running AI agents. Only 5% trust them enough to ship. AI synthetic audiences are already here and poised to upend the consulting industry Mystery solved: Anthropic reveals changes to Claude's harnesses and operating instructions likely caused degradation OpenAI's GPT-5.5 is here, and it's no potato: narrowly beats Anthropic's Claude Mythos Preview on Terminal-Bench 2.0 New startup BAND debuts agentic mesh with deterministic routing to govern multiple enterprise AI agents across model providers, channels OpenAI unveils Workspace Agents, a successor to custom GPTs for enterprises that can plug directly into Slack, Salesforce and more Google and AWS split the AI agent stack between control and execution Are you paying an AI ‘swarm tax’? Why single agents often beat complex systems OpenAI launches Privacy Filter, an open source, on-device data sanitization model that removes personal information from enterprise datasets Google doesn't pay the Nvidia tax. Its new TPUs explain why. Salesforce’s Agentforce Vibes 2.0 targets a hidden failure: context overload in AI agents Google’s Gemini can now run on a single air-gapped server — and vanish when you pull the plug The modern data stack was built for humans asking questions. Google just rebuilt its for agents taking action. Google’s new Deep Research and Deep Research Max agents can search the web and your private data Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain The AI governance mirage: Why 72% of enterprises don’t have the control and security they think they do OpenAI's ChatGPT Images 2.0 is here and it does multilingual text, full infographics, slides, maps, even manga — seemingly flawlessly Kimi K2.6 runs agents for days — and exposes the limits of enterprise orchestration What AI model should you use for revenue intelligence? Von says all the big ones, and it will automate mixing and matching for you Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it Train-to-Test scaling explained: How to optimize your end-to-end AI compute budget for inference AI agent security maturity audit: enterprises funded stage one, stage-three threats arrived anyway Anthropic just launched Claude Design, an AI tool that turns prompts into prototypes and challenges Figma Should my enterprise AI agent do that? NanoClaw and Vercel launch easier agentic policy setting, approval dialogs for messaging apps Salesforce launches Headless 360 to turn its entire platform into infrastructure for AI agents Are we getting what we paid for? How to turn AI momentum into measurable value OpenAI debuts GPT-Rosalind, a new limited access model for life sciences, and broader Codex plugin on Github OpenAI drastically updates Codex desktop app to use all other apps on your computer, generate images, preview webpages Anthropic releases Claude Opus 4.7, narrowly retaking lead for most powerful generally available LLM AI lowered the cost of building software. Enterprise governance hasn’t caught up Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway Frontier models are failing one in three production attempts — and getting harder to audit Meta researchers introduce 'hyperagents' to unlock self-improving AI for non-coding tasks We tested Anthropic’s redesigned Claude Code desktop app and 'Routines' -- here's what enterprises should know AI's next bottleneck isn't the models — it's whether agents can think together Adobe’s new Firefly AI Assistant wants to run Photoshop, Premiere, Illustrator and more from one prompt Traza raises $2.1 million led by Base10 to automate procurement workflows with AI Agentic coding at enterprise scale demands spec-driven development Designing the agentic AI enterprise for measurable performance Five signs data drift is already undermining your security models Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops. Intuit compressed months of tax code implementation into hours — and built a workflow any regulated-industry team can adapt OpenAI introduces ChatGPT Pro $100 tier with 5X usage limits for Codex compared to Plus Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook Claude, OpenClaw and the new reality: AI agents are here — and so is the chaos Goodbye, Llama? Meta launches new proprietary AI model Muse Spark — first since Superintelligence Labs' formation LLM-referred traffic converts at 30-40% — and most enterprises aren't optimizing for it
Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat
michael.nune · 2026-05-05 · via VentureBeat

Microsoft last week took Agent 365, its management platform for AI agents, out of preview and into general availability — a move that signals the software giant believes the governance challenge around autonomous AI is no longer theoretical but operational and urgent.

The product, first announced at Microsoft's Ignite conference in November, positions itself as a unified control plane that lets enterprise IT and security teams observe, govern, and secure AI agents wherever they run: inside Microsoft's own ecosystem, on third-party cloud platforms like AWS Bedrock and Google Cloud, on employee endpoints, and increasingly across a sprawling ecosystem of SaaS agents built by partner software companies.

But the most striking element of the launch isn't the general availability milestone itself. It's Microsoft's aggressive push into discovering and managing local AI agents — the coding assistants, personal productivity tools, and autonomous workflows that employees are installing on their own devices, often without IT's knowledge or blessing. Microsoft calls this phenomenon "shadow AI," and it is an entirely new category of enterprise security risk that most organizations are only beginning to grapple with.

"Most enterprises are trying to figure out how to harness the potential of autonomous agents," David Weston, Corporate Vice President of AI Security at Microsoft, told VentureBeat in an exclusive interview. "They're trying to find a balance between what we call YOLO — just let anything run — and 'oh no,' where nothing works at all."

Why Microsoft says rogue AI agents are already a security crisis inside the enterprise

The timing of Agent 365's general availability reflects an uncomfortable reality: AI agents have already outpaced the governance infrastructure designed to manage them. Enterprises that spent years building controls for cloud applications and SaaS software now face a fundamentally different kind of sprawl — one where autonomous software can invoke tools, access sensitive data, chain together with other agents, and take actions on behalf of users or entirely on their own.

Weston described three specific categories of security incidents that Microsoft is already observing across its enterprise customer base. The first, and most common, involves developers rushing to connect agents to backend systems and inadvertently exposing sensitive infrastructure. "A canonical thing we're seeing a lot across the board is these MCP servers that are then being connected to a sensitive back end system and then exposed unauthenticated to the internet," Weston said. "That can lead to PII or data leaks."

The second category involves what security researchers call cross-prompt injection — attackers embedding malicious instructions in data sources like software tickets, websites, or wikis that an agent is likely to ingest. "We are seeing attackers use untrusted data sources to put in what we call cross-prompt injection prompts, which will basically direct your agent to do whatever the attacker wants," Weston explained. While he noted this attack vector remains less common, "when we do see it, it's higher impact."

The third and perhaps most pervasive issue is more mundane but no less dangerous: agents connected to data sources and DLP systems that simply aren't designed to understand agentic access patterns. "Data sources and DLP systems that are not agent-aware are exposing high-sensitive data down to maybe a vendor," Weston said, adding that such incidents carry "a lot of costs and a lot of risk."

Inside Agent 365, the $15-per-user control plane for governing AI agents at scale

At its core, Agent 365 functions as a centralized registry and policy engine for AI agents. It provides IT administrators with a single view of every agent operating within their environment — whether that agent was built with Microsoft Copilot Studio, deployed on AWS Bedrock, running as a SaaS integration from a partner like Zendesk or SAP, or installed locally on a developer's Windows machine.

The platform supports three distinct categories of agents, each with different availability status at launch. Agents working on behalf of users through delegated access — such as an inbox organizer operating with a user's permissions — are now generally available within the control plane. Agents operating behind the scenes with their own access credentials, like an autonomous system triaging support tickets, are also generally available. A third category, agents participating in team workflows with their own access, enters public preview today.

Agent 365 is available as part of the new Microsoft 365 E7 suite or as a standalone product priced at $15 per user per month. Each license covers an individual who manages, sponsors, or uses agents to work on their behalf. The pricing model is designed to scale predictably: organizations pay per person who interacts with the agent ecosystem, not per agent — a structure that acknowledges the reality that agent counts are a moving target in most enterprises.

How Microsoft hunts for unauthorized AI tools hiding on employee laptops

Perhaps the most significant new capability in today's launch is Agent 365's ability to discover and manage local AI agents — the tools that developers and knowledge workers are installing directly on their Windows devices, often without any oversight from IT.

Starting today, organizations enrolled in Microsoft's Frontier program can use Agent 365, powered by Microsoft Defender and Intune, to detect OpenClaw agents running on managed Windows devices. Administrators can view which devices are running OpenClaw, and they can apply Intune policies to block common execution methods. A new "Shadow AI" page in the Microsoft 365 admin center serves as the central dashboard for this discovery process.

The choice to begin with OpenClaw was deliberate. "Our criteria is simply customer demand," Weston told VentureBeat. "We're hearing across the board that enterprises understand OpenClaw represents a new type of software. They want to be on the frontier, they want to leverage all the benefits, but they also want the deterministic control that lets them establish a clear boundary in their enterprise."

Microsoft plans to expand local agent discovery to 18 different agent types by June 2026, including GitHub Copilot CLI and Claude Code. The company is leveraging its existing endpoint telemetry to identify applications calling inference endpoints, then surfacing that information to IT and security teams. "Using our visibility on the endpoint, we can see the variety of apps that are basically calling inference endpoints," Weston explained. "And then we can give a collection of that to the IT and security folks, and they can decide whether that's appropriate or something that's putting them at risk."

Microsoft Defender maps the 'blast radius' when an AI agent goes wrong

Starting in June, Microsoft Defender will provide what the company calls "asset context mapping" for each discovered agent. This feature builds a relationship graph showing which devices an agent runs on, which MCP servers it connects to, which identities are associated with it, and which cloud resources those identities can reach. The goal is to let security teams assess the potential blast radius if an agent is compromised or misbehaves.

Weston explained the technical underpinning: "Blast radius is computed by taking an asset inventory and converting each asset into a node in a graph. The edges represent how different assets or data sources are connected." The system overlays contextual detail onto each node — for instance, flagging that a particular device runs an untrusted AI agent and is simultaneously connected to a critical business database or a machine with thousands of user accounts.

"It's highly accurate because it's computed from an asset graph that's typically cloud-based, or built from endpoint data if you've got something like NDE deployed," Weston said. "We're computing it based on what you already have — which is essentially ground truth." This kind of exposure mapping is precisely what CISOs are asking for, Weston added. "One of the first things you want to know when assessing agent risk is: what is this connected to? Is it connected to something I care about, or is it something moderate?"

The platform doesn't stop at visibility. Agent 365 introduces policy-based controls that let administrators set guardrails for what agents can and cannot do. If a managed agent exhibits malicious behavior patterns — such as attempting to access or exfiltrate sensitive data — Microsoft Defender can block the agent at runtime and generate alerts with rich incident context for investigation. Weston emphasized that Defender's existing classification capabilities translate directly to the agentic world. "Injecting code into the process that manages logins, whether you're OpenClaw or browser, that's always going to be a strong signal," he said. Context mapping, policy-based controls, and runtime blocking will enter public preview through Intune and Defender in June 2026.

Agent 365 reaches into AWS and Google Cloud to govern agents across rival platforms

In a notable competitive move, Microsoft is extending Agent 365's governance reach to rival cloud platforms. A new public preview of Agent 365 registry sync enables IT teams to connect with AWS Bedrock and Google Cloud (specifically, Google Gemini Enterprise Agent Platform, formerly Google Vertex AI). Through these connections, administrators can automatically discover and inventory agents running on those platforms and perform basic lifecycle governance actions such as starting, stopping, or deleting agents.

"If we're going to be a single control plane, we have to meet customers where they are, and many of them are multi-cloud," Weston told VentureBeat. He acknowledged that the depth of available controls varies somewhat by cloud provider. "Once you know it's there, what kind of guardrails or blocking can you provide? And that's going to be slightly different depending on what the cloud provider works with." But he added that the platforms offer "pretty comparable capabilities" in most scenarios and expressed optimism that cross-cloud consistency will improve over time.

Also generally available today: Agent 365 extends Microsoft Entra network controls to cover agent traffic from Microsoft Copilot Studio agents and local agents like OpenClaw. These controls let security teams inspect agent network activity, identify unsanctioned AI usage, restrict connections to approved web destinations, filter risky file transfers, and help block malicious prompt-based attacks at the network layer before they result in harmful actions. The combination of cloud registry sync and network-layer enforcement gives Microsoft an unusually broad governance surface — one that spans cloud, endpoint, and network in a way few competitors currently match.

Windows 365 for Agents gives enterprises a sandbox for high-risk AI workloads

For organizations that want the productivity benefits of autonomous agents but aren't comfortable running them directly on employee endpoints, Microsoft is also launching Windows 365 for Agents in public preview, currently limited to the United States. The offering creates a new class of Cloud PCs purpose-built for agentic workloads, managed through Intune, and governed by the same identity and security controls applied to human employees.

Weston framed the capability as a segmentation play. "From a security principle standpoint, the more segmentation you can achieve, the better," he said. "If you don't want this on your endpoint, but you still want the capability, you can choose to have it sandboxed, isolated. We've seen large companies like Nvidia talk about doing this. We're creating this pattern for everyone."

How critical that isolation is, Weston added, depends on context. "If you're working in a military installation, it goes without saying, you probably want to segment away that information. If you're working in a company that's primarily creative and you have a little higher risk tolerance, you may not want to do that." The public preview requires an Agent 365 license, an Intune license, and an active Azure subscription.

Microsoft builds a broad partner network to manage the agentic AI ecosystem

Microsoft is positioning Agent 365 not as a walled garden but as an open management layer. The company announced that ecosystem partner agents from Genspark, Zensai, Egnyte, Zendesk, and agents built on platforms including Kasisto, Kore.ai, and n8n are now fully enabled for management through Agent 365 — with no integration work required from IT teams. Additional software development company launch partners include Adobe, SAP, Manus, Nvidia, and Celonis.

For partner-built SaaS agents, onboarding begins with identity. "We have the ability for you to simply give it an identity and or use our SDK depending on the level of capability you need," Weston explained. "Just starting with the identity, we're able to basically see, especially for Entra users, what capabilities the application needs and what constraints should be put on that." Deeper SDK integration provides richer observability data, but identity alone gives the platform substantial governance leverage.

On the services side, Microsoft has enlisted firms including Accenture, KPMG, Capgemini, Protiviti, Slalom, and nearly two dozen others as Agent 365 Launch Partners. These firms have collaborated with Microsoft engineering to build offerings around inventory assessment, least-privilege enforcement, compliance, multi-platform threat analysis, and ongoing lifecycle management.

Microsoft's bigger bet: agents are the new apps, and they need the same enterprise controls

Microsoft's bet with Agent 365 arrives at a moment when the enterprise software industry is racing to define what the "agentic era" actually looks like in production. Competitors including Google, Amazon, and Salesforce are all developing their own agent orchestration and governance tools, but Microsoft's approach — leveraging its deeply entrenched position in endpoint management (Intune), threat detection (Defender), identity (Entra), and productivity (Microsoft 365) — gives it an unusual cross-surface advantage.

For enterprises considering Agent 365, Weston outlined a phased adoption model. "First things first, they'll get visibility and an inventory — you can't really secure what you don't know about," he said. "The next thing they're able to do is assign identities and start to manage the access those agents have, which is a huge first step in managing the risk." The deeper capabilities — isolation through Windows 365 for Agents, runtime blocking, blast radius mapping — come next. "Crawl is inventory. Walk is getting identity and access. Run is getting isolation, better control, deeper visibility," Weston summarized. "I think that's something that's reasonable in a 90-day period."

Whether enterprises actually move that fast will depend on the maturity of their existing security infrastructure and the pace at which shadow AI proliferates within their walls. A live "Ask Microsoft Anything" session on Agent 365 is scheduled for May 12, giving IT and security professionals a chance to press the engineering team on specifics.

But the most telling detail from the interview may have been the most offhand. "I have 18 agents running behind my team chat right now," Weston said. If even Microsoft's own security chief has a small army of autonomous agents operating in his daily workflow, the question for every other enterprise is no longer whether to govern the agentic workforce — it's whether they can do it before the workforce governs itself.