If any of our listeners are in Vegas for Blackhat or DefCon, come say hello. We may have a prize.
Words of Wisdom:
“Immediately pay what you owe to vendors, workers and contractors. They will go out of their way to work with you first the next time”
Security Insights - Foresight - Hindsight – July 2026 Edition
General
Securing our future: July 2026 progress report on Microsoft’s Secure Future Initiative | Microsoft Security Blog
Least privilege for AI agents: Identity, access, and tool binding | Microsoft Security Blog
Unpacking the AsyncAPI npm supply chain compromise | Microsoft Security Blog
AI Security
AI brands as bait: How threat actors are using the AI hype in social engineering | Microsoft Security Blog
Beyond the benchmark: Advancing security at AI speed | Microsoft Security Blog
Agent365
Least privilege for AI agents: Identity, access, and tool binding | Microsoft Security Blog
Agent 365 Registry, local discovery, and runtime protection | Microsoft Learn
Azure Security & Defender for Cloud News
What’s new in Defender for Cloud features (July 2026) | Microsoft Learn
Threat Intelligence
Unpacking the AsyncAPI npm supply chain compromise | Microsoft Security Blog
GigaWiper: Anatomy of a destructive backdoor | Microsoft Security Blog
Microsoft Entra
Microsoft Entra ID security updates: Passkeys as default | Microsoft Security Blog
Device Management & Protection (Intune)
What’s new in Microsoft Intune (July 2026) | Microsoft Learn
Defender XDR & Sentinel
Monthly news – July 2026 | Microsoft Defender XDR Blog
Sentinel Graph tools and custom detection rules as code | Microsoft Learn
Defender XDR + Sentinel unified operations | Microsoft Learn
Copilot for Security
Security Copilot agentic capabilities | Microsoft Learn
Purview – Compliance & Governance
Purview data protection for AI agents | Microsoft Learn
Purview for Agent 365 | Microsoft Learn
Non Microsoft Security News
Polymarket supply chain compromise and theft → Podcast
FBI Kali365 phishing warnings → Podcast
AI-discovered vulnerabilities in summer campaigns → Podcast
GitHub researcher bans and anti-tech trends → Podcast
AI for the Masses (from “AI Security OPS”)
LiteLLM supply chain risks → AI Security Ops
Model ablation and safety bypasses → AI Security Ops
Embedding space attacks → AI Security Ops
Open-weight models and harness risks → AI Security Ops
Agent pentesting and bug bounties → AI Security Ops
Featured Resources & Deep Dives
What’s New in Defender (July 2026)
What’s new in Microsoft Defender XDR | Microsoft Learn
Local AI agent discovery + runtime protection
Sentinel Graph + custom detection as code
July Patch Tuesday follow-up
Daily Defender Dispatch – July 16, 2026
Daily Defender Dispatch: Least-Privilege Agents, AsyncAPI Breach, and Graph Tools
Least Privilege for AI Agents
New guidance on identity, access, and tool binding for secure agentic AI.
Takeaway: Review Agent 365 policies for least-privilege enforcement.AsyncAPI npm Supply Chain Compromise
Threat actors weaponized trusted CI/CD workflows.
Takeaway: Audit open-source dependencies in AI pipelines.Sentinel Graph & Custom Detections
Enhanced graph tools and custom detection rules as code now in preview.
Takeaway: Test graph reasoning for faster investigations.Non-MS Highlights
Polymarket breach and AI supply chain risks.
Takeaway: Strengthen third-party AI vendor reviews.AI for the Masses
LiteLLM and model ablation attacks.














