Microsoft 365 Copilot Inherits Your User's Full OAuth Scope. Your TPRM Register Hasn't Caught Up.
Copilot is a per-user data processor riding on the user's full M365 OAuth scope — but it does not appear on most TPRM registers. The control gap looks like a SaaS problem and is solved at the kernel.
API-Based Agent Governance: The Known Knowns Trap
API-layer agent governance delivers rich telemetry — but only on systems you already instrumented. The unhedged exposure sits below it, on the local filesystem and inside the process tree.
Claude 5 + Computer Use 2.0: What Changes for Endpoint Policy
Claude 5 ships Computer Use 2.0 with per-tool permission scope and sub-second action latency. The control plane just migrated from the prompt to the kernel.
Why Block-by-Default Kills Agentic Productivity in Two Quarters
The historical pattern from DLP and EDR rollouts is clear: block-on-deny tools that fight engineering productivity get ripped out in two quarters. Copy-on-write survives the political review.
Soft Policy vs. Hard Control: What Claude's 3,000-Character Org Preference Actually Enforces
Claude's Organization Preferences inject tenant-wide guidance into every prompt — but instructional guidance is a policy artifact, not a deterministic control. Here is where to layer DLP.
Shadow agents: the uncorrelated tail risk in your endpoint portfolio
Shadow agents are unpriced tail risk on every endpoint. The existing control stack — API gateways, EDR, DLP, prompt guardrails — does not see the layer where agent intent becomes OS-level action. A scoring framework for the exposure, and where the enforcement point actually has to live.
The agent firewall thesis: why this category compounds before it consolidates
EDR was built for malware. First-generation AI security was built for chatbots. Neither prices what an agent is actually doing on the endpoint. The thesis behind the agent firewall as a category — and the 12-to-18 month window before it consolidates.
The Two Types of Shadow Agents — and Why Observability Won't Catch Them
Shadow agents come in two flavors — SaaS-embedded and standalone — and each one requires kernel-level segmentation, not API observability, to contain.