Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years
An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span.
Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
A Russian court sentenced a former hospital programmer to 14 years in a high-security penal colony for allegedly leaking personal data of Russian soldiers to Ukraine, authorities said.
I believe we're at the beginning of something extraordinary.
Today's AI agents are already impressive—they're helping software engineers write code, assisting site reliability teams in troubleshooting systems, and handling a variety of analytical tasks. Yet, as capable as these specialized agents are becoming, we're just beginning to glimpse their potential. The next wave of changes is approaching fast, bringing capabilities that will transform how we work across a wide variety of fields.
At Microsoft, we believe the next 12–24 months will fundamentally change the AI agent space. Instead of simply responding to requests, agentic systems will start working independently, spotting problems, suggesting solutions, and carrying context across conversations. The difference might seem small at first, but you'll notice it when your agent starts to proactively help you solve problems rather than just follow instructions.
To support this future, we need to evolve the identity standards that underpin how agents access data and act across connected systems—from APIs, code repositories, and data warehouses, to productivity tools, enterprise systems, and sensitive business processes. It starts with OAuth 2.
What’s changing?
At Microsoft, we’re building a robust and sophisticated set of agents. Recently, we launched the public preview of our new Conditional Access Optimizer Agent. It’s a multi-functional AI agent that:
Analyzes an organization’s Conditional Access policies
Identifies security gaps
Recommends policy improvements and simplifications
Deploys new policies in pilot mode
Ensures new users and apps are protected
We’ve also been extensively investing in agents for developer and operations workflows, such as the SWE and SRE agents to help teams boost their productivity when writing and maintaining their applications. As new AI-driven scenarios are introduced, we anticipate an emerging flood of rich, smart, multi-functional, and autonomous agents.
AI agents will augment and amplify the capabilities of an organization. Marketing agents could propose full digital marketing campaign plans, refine and update them based on feedback, and then when the plans are approved, execute them end-to-end. Engineering agents could autonomously create specifications for new features, as well as start to build and test them with minimal human interactions. You might’ve already seen some of these experiences at this year’s Microsoft Build conference. We could see all kinds of agents helping people to manage compliance, onboard new employees, or even run parts of their IT operations more efficiently.
But here’s the thing: today’s OAuth 2 standards weren’t built for the world of AI agents. Some existing efforts, like RFC 9396 – OAuth 2.0 Rich Authorization Requests, set some of the fundamental ideas in motion, but we believe we need a more scalable solution for AI-first scenarios.
Why OAuth 2 needs an update
OAuth 2 works well for today’s task-focused agents that act on behalf of a user. But as agents become more autonomous and capable, a new set of authorization requirements surfaces. Agents need much more granular permissions, and they need to be dynamic, easily revokable, yet auditable. They need to be able to interact securely with other agents across different trust boundaries, as well as handle scenarios where the ownership of an agent changes on the fly. To enable these capabilities, we need to drive a set of changes to existing standards to support them, unlocking the ability of enterprises to adopt them while maintaining compliance and confidence in the security of their data.
Here’s what we think needs to change:
Recognize Agent IDs as first-class actors: Agents need to be distinct from clients. They should have their own identity in the OAuth model. When an agent registers with an IDP, it should be able to register as an agent, not a client. When an agent accesses a resource, it should be able to represent that it is an agent. When a computer-using agent accesses a resource through a client, we need a standards-based approach to represent this interaction.
Have a standard model for granting agents their own permissions: Agents should be able to act with their own defined set of privileges—not just proxy a user’s rights.
Make agent actions transparent and traceable: We need a clear way to distinguish when an agent is acting:
On behalf of a user
On its own behalf
On behalf of another agent or a chain of agents
This is critical for forensics, policy enforcement, and trust.
Enable permission discovery and delegation: Agents should be able to discover the permissions required to perform a task and request them—either directly from the user, from an upstream agent, or through a chain of upstream agents ultimately linked to the user.
Support for fine-grained, resource specific, least-privilege access: We need updates to the OAuth scopes model to support common approaches to identifying a specific subset of resources a user can delegate access to. For example:
A collection or container of resources, such as all photos from last week
A node in a hierarchy of resources, such as all files in the /taxinfo directory
A specific class or category of resource, like high business impact or confidential
A query, such as SELECT * FROM my_emails WHERE sender LIKE ‘%@microsoft.com’
A specific resource, like {customer_ID, 12345}
We believe this set of targeted updates will give users and organizations the controls, visibility, specificity, and granularity necessary to realize the incredible transformative potential of AI agents.
Let’s build this together
We’re excited about the future of AI agents. But we also know that to get there, we need to evolve the standards that make secure delegation possible.
We’re looking forward to working with our partners in the broader OAuth community, the Model Context Protocol (MCP), and Agent-to-Agent (A2A) protocol steering committees, as well as the machine identity ecosystem to define the right path forward. Microsoft’s recent work in helping shape a more robust authorization specification for MCP together with the broader security community and Anthropic is just the beginning.
If you’re attending Identiverse in Las Vegas next week, I hope you’ll reserve a seat for the AI Agents and the Future of Identity roundtable discussion on Wednesday at 7:15 a.m. with breakfast. You can also drop by the booth or request a meeting at Identiverse with Microsoft Security.
Let’s make sure the next generation of AI agents is not just powerful—but secure, trustworthy, and standards-based.
- Alex P.S.: If you’re working in this space, I’d love to hear from you! Drop a note in the comments below.
Read more on AI agent innovation from Microsoft Security
Microsoft extends Zero Trust to secure the agentic workforce | Microsoft Security Blog
Announcing Microsoft Entra Agent ID: Secure and manage your AI agents | Microsoft Community Hub
Microsoft unveils Microsoft Security Copilot agents and new protections for AI | Microsoft Security Blog
Microsoft Entra Conditional Access optimization agent - Microsoft Entra ID | Microsoft Learn
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
Microsoft Entra News and Insights | Microsoft Security Blog
Microsoft Entra blog | Tech Community
Microsoft Entra documentation | Microsoft Learn
Microsoft Entra discussions | Microsoft Community
China accuses Taiwan-linked group of cyberattack on local tech company
According to police in Guangzhou, the group — allegedly linked to Taiwan’s ruling Democratic Progressive Party (DPP) — has targeted more than 1,000 key networks in over 10 Chinese provinces.
MATLAB developer bringing systems back online following ransomware attack
Massachusetts-based MathWorks provided an update to customers on Monday after initially reporting outages on May 18, confirming that it experienced a ransomware attack that took down online applications and internal systems used by staff.
Fuite massive de Free : comment savoir si votre compte est concerné ?
En octobre dernier, Free était victime d'un piratage massif de données, concernant 13,9 millions de comptes. Depuis ce 27 mai, le site Have I Been Pwned les répertorie. Voici comment savoir si votre compte est concerné. 26 octobre 2024 : Free informe ses abonnés qu'il a été victime d'une cyberattaque. Les données
La CIA utilisait un site de fans Star Wars pour communiquer avec ses espions
Derrière l’apparence inoffensive de centaines de sites web, dont un dédié à Star Wars, la CIA cachait un réseau de communication secret destiné à ses informateurs. Mal protégé, le dispositif a exposé de nombreux agents avec des conséquences humaines désastreuses. Nous sommes au début des années 2000 et la CIA
CISA loses nearly all top officials as purge continues
Most of the leaders of the agency’s operating divisions and regional offices have left or will leave this month amid the Trump administration’s aggressive government-downsizing campaign.
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters.
MATLAB dev confirms ransomware attack behind service outage
MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage.
Threat-informed defense with HarfangLab EDR and FourCore ATTACK
Adversary emulation is a key component of Threat-informed defense. This post details emulating Microsoft Edge browser data theft using FourCore ATTACK and validating detections with HarfangLab EDR to enhance security posture.
#Infosec2025: Rory Stewart and Paul Chichester to Headline at Infosecurity Europe 2025
Former UK government minister Rory Stewart and NCSC Director of Operations Paul Chichester will explore the growing link between geopolitics and cybersecurity
One one my biggest worries about VPNs is the amount of trust users need to place in them, and how opaque most of them are about who owns them and what sorts of data they retain. A new study found that many commercials VPNS are (often surreptitiously) owned by Chinese companies. It would be hard for U.S. users to avoid the Chinese VPNs. The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies. TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple’s U.S. users by piecing together corporate documents from around the world. None of those apps clearly disclosed their Chinese ownership...
Building Compliant and Transparent Retail Trust | CSA
In retail, the commerce platform you choose should earn your trust through verifiable compliance practices & transparent operations that protect your customers.
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.
Russian Void Blizzard cyberspies linked to Dutch police breach
A previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach.