Weekly Security Roundup: Agent Identity and LLM Attack Surfaces

Recent security work focuses on the challenges of agent-driven and automated cloud systems—including access management, large language model (LLM) alignment, and defending against misconfiguration or malicious input.

Securing Multi-Agent AI and Identity Delegation

Multi-agent AI environments raise complex access and identity challenges. Microsoft's new guides cover secure orchestration and the delegation of user and agent actions via Entra ID’s On-Behalf-Of flow, using frameworks like LangGraph, Chainlit, and Databricks Genie, and enabling zero-trust RBAC through Unity Catalog. Solutions for OAuth token scopes, custom providers, and audience management are explained, alongside audit and human-oversight best practices for accountable agent automation. This extends last week’s focus on practical patterns for safe, large-scale agent deployments.

Model Alignment, Memory Poisoning, and AI System Attack Surfaces

Recent research reveals that enterprise LLMs are vulnerable to alignment attacks: for example, a single adversarial prompt can undermine safety when Group Relative Policy Optimization is used during fine-tuning. Developers are reminded to run benchmarks throughout adaptation cycles to detect model drift. The Defender security team also discusses memory poisoning attacks—where prompt injection targets Copilot or similar tools—offering guidelines for detection, filtering, interface design, and memory controls. This section continues last week’s coverage of model lifecycle and runtime safety. Behavioral monitoring and input validation remain necessary to keep AI-driven systems secure.

Copilot Studio and Power Platform Agent Security

Copilot Studio automation introduces new security requirements. Microsoft’s top 10 risk list provides tactics and mitigation tips: enforcing authentication, moving secrets to Key Vault, reviewing dormant agents, and restricting command scopes. This helps both no-code and low-code environments manage exposure as agent automation grows. These practical guides pick up where last week’s discussion of operational guardrails left off and provide actionable checklists for teams working with agent platforms.

Other Security News

Dependabot audit logs have been expanded to capture all enable/disable and configuration activities (including for self-hosted runners), recording the acting user’s identity for better compliance and traceability. Building on last week’s improvements to Dependabot OIDC and registry security, these updates support safer CI/CD pipelines and supply chains.