CIA Brief 20260516

Security & Threat Intelligence

• Configuration becomes vulnerability: Exploitable misconfigurations in AI apps (14 May) Microsoft Defender researchers found that AI and agentic apps deployed on Kubernetes (Mage AI, kagent, AutoGen Studio, MCP servers, and others) are frequently exposed to the internet with weak or missing authentication, enabling remote code execution, credential theft, and data exposure without any zero-day exploit. Defender for Cloud signals show >50% of cloud-native workload exploitations stem from these misconfigurations. https://www.microsoft.com/en-us/security/blog/2026/05/14/configuration-becomes-vulnerability-exploitable-misconfigurations-ai-apps/(opens in new window)

• Kazuar: Anatomy of a nation-state botnet (14 May) Deep technical analysis of Kazuar, a Russian state actor (Secret Blizzard) malware family that has evolved from a traditional backdoor into a modular peer-to-peer botnet with Kernel/Bridge/Worker components, leader-election for stealth, and multiple fallback C2 channels (HTTP, WebSockets, Exchange Web Services). Used to target government and diplomatic organisations in Europe, Central Asia, and Ukraine. https://www.microsoft.com/en-us/security/blog/2026/05/14/kazuar-anatomy-of-a-nation-state-botnet/(opens in new window)

• Undermining the trust boundary: Stealthy intrusion through third-party compromise (12 May) Microsoft Incident Response details a 100+ day intrusion in which attackers abused a compromised third-party IT services provider and the legitimate HPE Operations Agent platform to deploy VBScripts, malicious network providers, and password filter DLLs on domain controllers, harvest credentials, and persist via web shells and ngrok tunnels — all without malware-heavy techniques. https://www.microsoft.com/en-us/security/blog/2026/05/12/undermining-the-trust-boundary-investigating-a-stealthy-intrusion-through-third-party-compromise/(opens in new window)

Microsoft 365 & Teams

• Goodbye Together mode, hello simplified meeting layouts in Microsoft Teams (15 May) Microsoft is retiring Together mode (and its scenes/seat assignments) from Teams on 30 June 2026. The modern Gallery view — which scales up to 49 participant tiles and adapts to device capability — becomes the single meeting layout, freeing engineering effort for video quality, super-resolution, denoising, and colour accuracy improvements. https://techcommunity.microsoft.com/blog/microsoft365insiderblog/goodbye-together-mode-hello-simplified-meeting-layouts-in-microsoft-teams/4519312(opens in new window)

Windows

• Improving Windows quality: Making Taskbar and Start more personal (15 May) Windows Insiders in the Experimental channel can now move the taskbar to the top, left, or right of the screen (with matching icon alignment and Start flyout positioning), enable a smaller compact taskbar, and use new section-level toggles for Pinned / Recommended / All in the Start menu. “Recommended” is also being renamed to “Recent”. https://blogs.windows.com/windows-insider/2026/05/15/improving-windows-quality-making-taskbar-and-start-more-personal/(opens in new window)

Power Platform

• What’s new in Power Platform: May 2026 feature update (15 May) Power Fx user-defined types (UDTs) and the Grid container control are now generally available. New previews include custom MCP-powered tools and rich Fluent UI widgets for app-based Copilot conversations, generative pages with input context, a new high-performance Data Grid modern control, OnSelect on the Icon control, and a PowerCAT skill for migrating retired InfoPath forms to Canvas Apps using AI coding agents. https://www.microsoft.com/en-us/power-platform/blog/2026/05/14/whats-new-in-power-platform-may-2026-feature-update/(opens in new window)

AI & Copilot

• Microsoft tests ‘ClawPilot’ AI agent for 3,000 staff (9 May) Microsoft is piloting an OpenClaw-based “ClawPilot” AI agent with more than 3,000 employees, aiming to deliver always-on assistants that handle tasks across Microsoft 365 — part of a broader industry push around agent governance. https://www.msn.com/en-us/news/other/microsoft-tests-clawpilot-ai-agent-for-3000-staff/gm-GM67972661

After hours

Reimagining the mouse pointer with AI – https://www.youtube.com/watch?v=pZNzfQLgGsA

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week