The short version:AI agents don’t just answer questions anymore. They plan, act, use your tools, and run in a self-directed loop with a lot less human oversight than a chatbot. That autonomy is what makes them valuable. It’s also what makes them risky. Anthropic’s latest piece, Trustworthy agents in practice, does a good job explaining…

Most organizations think Agent 365 is for later. After pilots. After use cases. After value is proven. That instinct is understandable and often wrong. Agent 365 matters most at the point where things start working, not before. Agent 365 Is Not an Agent Builder It is a control plane. A registry for every agent, including…

Frequently when I’m with clients, we’ll talk about the reasons why most of their AI projects are floundering — and 9 times out of 10 it’s not because of the technology, but because of their inability to manage that technology. So today I want to dig into something specific: why the Microsoft Frontier Suite (E5…

For years, the playbook was simple: Centralize everything into a SIEM. Security logs. Application logs. Performance telemetry. Network noise. If it could produce a log… it got shipped. Platforms like Splunk and QRadar became the catch-all data sinks for the enterprise. And for a while, that made sense. But that model doesn’t hold up anymore.…

Last week, I wrote about why blocking AI is easy—but governing it is where most organizations fail. That post focused on permissioning: what really happens the moment a user flips an AI connector from Needs approval to Always allow. This article is about what comes next. Because once you allow it… you need to see…

The Refoundry team has earned the Microsoft Threat Protection Specialization, a designation that verifies proven, hands-on expertise in deploying Microsoft Threat Protection and Microsoft Cloud App Security workloads.   What the specialization actually means To earn a Threat Protection Specialization, Microsoft requires partners to demonstrate real-world deployment experience (verified by customers who can speak to…

Most organizations are not ready for what “Always allow” actually means in tools like Claude Cowork. By default, it’s set to Needs approval. That’s intentional. But the moment a user flips that to Always allow, they’ve effectively delegated their identity. Not just access… authority. Now you have: AI operating with user-level permissions Access to email,…

Most organizations still think about risk the old way: Phishing. Malware. Endpoint compromise.   But we’re entering a different era. The next wave of enterprise risk sits at the intersection of AI + access. And most organizations aren’t ready. AI Is Not Just a Tool. It’s an Operator. Whether it’s Copilot, ChatGPT, or Claude—these aren’t…

For years, security leaders have operated under a familiar assumption: “Best of breed always wins.” Buy the best SIEM. Buy the best EDR. Buy the best identity tool. Integrate everything later.   That model made sense in a world where: Data was fragmented Tooling was siloed Humans were the primary operators That world is changing…