Posts by Rich Lilly

Last week, I wrote about why blocking AI is easy—but governing it is where most organizations fail. That post focused on permissioning: what really happens the moment a user flips an AI connector from Needs approval to Always allow. This article is about what comes next. Because once you allow it… you need to see…

Most organizations are not ready for what “Always allow” actually means in tools like Claude Cowork. By default, it’s set to Needs approval. That’s intentional. But the moment a user flips that to Always allow, they’ve effectively delegated their identity. Not just access… authority. Now you have: AI operating with user-level permissions Access to email,…

Most organizations still think about risk the old way: Phishing. Malware. Endpoint compromise.   But we’re entering a different era. The next wave of enterprise risk sits at the intersection of AI + access. And most organizations aren’t ready. AI Is Not Just a Tool. It’s an Operator. Whether it’s Copilot, ChatGPT, or Claude—these aren’t…

For years, security leaders have operated under a familiar assumption: “Best of breed always wins.” Buy the best SIEM. Buy the best EDR. Buy the best identity tool. Integrate everything later.   That model made sense in a world where: Data was fragmented Tooling was siloed Humans were the primary operators That world is changing…

Microsoft recently pushed the retirement of Azure portal-based Microsoft Sentinel management to March 31, 2027. On paper, that sounds like more time. In reality, it’s a signal.  The real story isn’t the deadline. It’s the direction. What’s Actually Changing New Sentinel instances created after August 2025 are already defaulting to the Microsoft Defender portal. That’s…