Pen Test Partners, a company that specializes in security consulting, specifically penetration testing took a close look at how Microsoft’s Copilot AI for SharePoint could be exploited. The results were, to say the least, concerning. Not least considering an encrypted spreadsheet that the hackers were, quite rightly, rejected from opening by SharePoint, no matter what method was employed, was broken wide open when they asked the Copilot AI agent to go get it. “The agent then successfully printed the contents,” Jack Barradell-Johns, a red team security consultant with the security company, said, “including the passwords allowing us to access the encrypted spreadsheet.” Barradell-Johns explained that during the engagement, the red teamers encountered a file named passwords.txt, located adjacent to an encrypted spreadsheet containing sensitive information. Naturally, they tried to access the file. Just as naturally, Microsoft SharePoint said nope, no way. “Notably,” Barradell-Johns said, “in this case, all methods of opening the file in the browser had been restricted.” The download restrictions that are part of the restricted view protections were circumvented, and the content of the Copilot chats could be freely copied. “SharePoint information protection principles ensure that content is secured at the storage level through user-specific permissions and that access is audited. This means that if a user does not have permission to access specific content, they will not be able to view it through Copilot or any other agent. Additionally, any access to content through Copilot or an agent is logged and monitored for compliance and security.”
PayPal and Venmo to enable instant in-chat checkout, supporting agentic commerce within Perplexity’s AI answer engine; account linking, tokenized wallet and passkey checkout flows would eliminate the need for passwords
Perplexity has partnered with PayPal to power agentic commerce across its Perplexity Pro platform. Starting this summer in the U.S., consumers can check out instantly with PayPal or Venmo when they ask Perplexity to find products, book travel, or buy tickets. ”This partnership unlocks new possibilities, where conversations now drive commerce,” said Alex Chriss, President and CEO of PayPal. ”We’re making it easy and secure to shop right in the chat when inspiration strikes. It’s a powerful step in making conversational commerce a reality.” The entire process, including payment, shipping, tracking, and invoicing will be handled behind the scenes with PayPal’s account linking, secure tokenized wallet and emerging passkey checkout flows, which could eliminate the need for passwords and streamline the experience to a single user query or click. Key features include: Agentic Commerce: Integration of PayPal’s commerce solutions, enabling users to buy products or services directly in Perplexity’s chat interface. Global Reach: Expanding Perplexity’s commerce tools to PayPal’s 430+ million active accounts across approximately 200 markets. Secure Transactions: Leveraging PayPal’s robust fraud detection and data security protocols.
Moderne and Diffblue partner to support app modernization by combining automated and deterministic code refactoring across entire codebases and agentic AI testing to catch potential bugs before they happen
Automated code refactoring company Moderne and AI-powered unit test writing agent developer Diffblue announced a partnership to deliver an integrated solution for enterprise application modernization. By joining forces, the two companies aim to help large organizations will be able to upgrade and modernize applications based on extremely large codebases with greater speed with less worry. The collaboration combines Moderne’s code transformation capabilities with Diffblue’s autonomous agentic AI testing capabilities to catch potential bugs before they happen. Moderne is built on the OpenRewrite open-source project, which provides automated, safe and scalable transformation across entire codebases. It’s deterministic, which means that it’s predictable for any task, including cloud migration, framework upgrades, security fixes and language updates. That’s important because the larger the codebase, the greater the chance that any update could introduce an issue — updating from an older version of Java, for example, version 8 to a more modern version such as 17. Through the integration, Diffblue’s testing capabilities will be built directly into Moderne’s OpenRewrite recipes so they can run at large scale during application transformation. They will also be activated within Moderne’s multi-repository AI agent, Moddy, to provide test coverage for mass-scale changes.
JPMorgan Chase completes the first settlement of tokenized treasury trade on Ondo’s public blockchain; moving away from its long-held private blockchain model
JPMorgan Chase has been steadily developing its own blockchain tech for years. But, instead of integrating it with public blockchains, the U.S.’s largest bank has taken what many in crypto call the “walled garden” approach and built out a private network only its customers can use. Now, JPMorgan is venturing beyond that garden. It announced that it had settled a transaction on a public ledger with the help of the crypto firms Chainlink and Ondo Finance. In early May, JPMorgan’s blockchain division, Kinexys, transferred money between two accounts on its private blockchain to settle the purchase of tokenized treasuries on Ondo’s public ledger. (Tokenized treasuries are money market funds that live on the blockchain.) To trigger the payment, JPMorgan used Chainlink, a communication protocol that lets blockchains process outside information. This is the first time JPMorgan has built out a structure to interface with a public blockchain, said Nelli Zaltsman, head of platform settlement solutions at Kinexys. “This is not just another POC [proof of concept],” added Sergey Nazarov, cofounder of Chainlink. “This is the beginning of something big.” Nazarov added that the structure is on track for “production,” a term for when software is ready for more widespread use.
Capgemini’s mainframe modernization offering automates legacy code analysis and extraction of business rules using a set of generative AI agents
Capgemini has launched a new offering that enables organizations to unlock greater value from their legacy systems at unprecedented speed and accuracy. The new approach, powered by generative and agentic AI, allows organizations to gain cost savings, agility, and a significant improvement in data quality. It converts legacy mainframe applications into modern, agile, and cloud-friendly formats that can run more efficiently either on or outside of a mainframe. Capgemini’s automated mainframe application refactoring uses tools and techniques to automatically convert legacy mainframe applications, such as those written in COBOL, into modern architecture. The approach is supported by rigorous automated testing for faster, higher-quality transformations and reduced risk for businesses. Capgemini’s experience in delivering large and complex mainframe modernization programs, market leadership in AI, deep domain knowledge, and broad understanding of complex industry regulations has already delivered tangible results for blue-chip clients.
Boomi and AWS partner to offer a centralized management solution for deploying, monitoring, and governing AI agents across hybrid and multi-cloud environments with built-in support for MCP via a single API
Boomi announced a multi-year Strategic Collaboration Agreement (SCA) with AWS to help customers build, manage, monitor and govern Gen AI agents across enterprise operations. Additionally, the SCA will aim to help customers accelerate SAP migrations from on-premises to AWS. By integrating Amazon Bedrock with the Boomi Agent Control Tower, a centralized management solution for deploying, monitoring, and governing AI agents across hybrid and multi-cloud environments, customers can easily discover, build, and manage agents executing in their AWS accounts, while also maintaining visibility and control over agents running in other cloud provider or third-party environments. Through a single API, Amazon Bedrock provides a broad set of capabilities to build generative AI applications with security, privacy, and responsible AI in mind, including support for Model Context Protocol (MCP), a new open standard that enables developers to build secure, two-way connections between their data and AI-powered tools. MCP enables agents to effectively interpret and work with ERP data while complying with data governance and security requirements. Steve Lucas, Chairman and CEO at Boomi. “By integrating Amazon Bedrock’s powerful generative AI capabilities with Boomi’s Agent Control Tower, we’re giving organizations unprecedented visibility and control across their entire AI ecosystem while simultaneously accelerating their critical SAP workload migrations to AWS. This partnership enables enterprises to confidently scale their AI initiatives with the security, compliance, and operational excellence their business demands.” Apart from Agent Control Tower, the collaboration will introduce several strategic joint initiatives, including: Enhanced Agent Designer; and New Native AWS Connectors and Boomi for SAP.
Qvinci Software simplifies financial analysis of multi-entity businesses- Eliminations Entries feature removes the impact of transactions between related companies
Qvinci Software has launched new products and enhancements to strengthen their offering of automating time-consuming manual tasks common in traditional financial and business intelligence reporting, so that business leaders can focus on proactive, revenue-impacting initiatives. New Report Categorization and Packaging features enable searching, filtering, bulk-pinning, and building customized financial and business intelligence report packages in minutes, instead of hours or days using other accounting platforms. New Report Interact functionality allows for switching dollar/percentage views, filtering by specific entity in a multi-entity report, and focus mode to highlight cells that need attention – all without numerous data re-runs. A new suite of Business Intelligence Dashboards and Reporting Templates target key financial metrics that simplify impactful coaching and advising by identifying problem areas that need corrective action. For global organizations, Currency Conversion tools now fully support QuickBooks Online, QuickBooks Desktop, and Xero, eliminating the hassle of manual in-app currency adjustments. Qvinci Budgets with Future Budgeting enables users to import Excel-based budgets to use with templates for precise financial planning, as well as use Qvinci Budgets with QuickBooks Desktop, QuickBooks Online, or QuickBooks by Class. With Non-Sunday Aligned Reporting, organizations (i.e., hospitality brands, franchises, faith-based institutions, etc.) can generate reports based on their busiest operational days using customizable accounting calendars. Now, “As Of Week” reporting is available, making it easy to define the week through which reports should be run. With enhanced Security Infrastructure – including multi-factor authentication, PCI certification, and a published formal security framework – Qvinci ensures enterprise-grade data protection. Lastly, Eliminations Entries, used to remove the impact of transactions between related companies, can now be handled directly within the Qvinci solution, cutting down drastically on needless complexity and manual labor.
Monzo’s new ‘Undo Payments,’ holding window feature offers a configurable delay, ranging from 10 to 60 seconds, before a payment is finalised, during which the sender can halt the transaction
Monzo has started rolling out a new feature that allows users to cancel a bank transfer shortly after initiating it. The tool, known as ‘Undo Payments,’ offers a configurable delay, ranging from 10 to 60 seconds, before a payment is finalised, during which the sender can halt the transaction. The launch follows internal research by the bank showing that around 30% of UK adults have sent money to the wrong person or entered the incorrect amount in the past year. More than three-quarters of those who made a payment error reportedly realised the mistake within one minute. The Undo Payments feature acts as a brief holding window after a transfer is authorised. During this time, users can reverse the transaction directly from the payment confirmation screen, the home screen, or the specific transaction detail page. If the undo option is selected within the chosen time frame, the funds remain in the user’s account and the intended recipient is not notified of the attempted transfer. The default setting gives a 15-second window, though users can adjust this to 10, 30, or 60 seconds, or disable it entirely. According to Monzo’s data, simple mistakes such as typing errors, often involving an extra zero, were responsible for 68% of misdirected payments.
Albertsons is rolling out the TreviPay Pay by Invoice solution to enable business buyers to receive a dedicated 30-day line of credit
Albertsons is rolling out the TreviPay Pay by Invoice solution to enable business buyers, including small offices, K-12 schools, local government and community organizations and residential programs, to receive a dedicated line of credit for online grocery purchases with 30-day net terms. The Albertsons pay by invoice program includes a self-serve portal to assign spending limits to approved purchasers and real-time tracking of invoices, payments and credit lines. TreviPay’s invoicing program offers the control to customize purchasing hierarchies and the convenience of paying using credit lines, which we know are important to this buyer segment. Through the partnership, stores across Albertsons Cos. banners can automate their acounts receivable processes for business purchases with real-time credit decisioning, electronic invoice generation and payment tracking, with the goals of reducing billing errors and eliminating back-office resources. TreviPay settles funds right away and owns any buyer credit risk. Enabling Albertsons Cos.’ business customers to pay by invoice allows their corporate buyers to make large, repeat orders using their preferred payment method, while retailers eliminate the complexities of accounts receivables and fuel growth.
Mastercard and MoonPay team to promote stablecoin payments in an API-driven implementation letting businesses, neobanks, and other payment participants manage payouts and disbursements more efficiently
Mastercard has launched a stablecoin-focused partnership with cryptocurrency payments FinTech MoonPay. The collaboration will allow consumers and businesses to send and receive stablecoin payments across global markets. Companies and FinTechs will be able to employ Mastercard-branded cards linked to users’ stablecoin balances, allowing cardholders to spend their stablecoins, which will simultaneously be converted to fiat currency, at more than 150 million locations where Mastercard is accepted around the world. “By providing solutions that unlock stablecoin utility and ubiquity, we are redefining how money moves globally and driving a shift in payments as we know it,” Scott Abrahams, executive vice president, Global Partnerships at Mastercard, said. T he partnership will leverage the API-driven stablecoin infrastructure from Iron, acquired by MoonPay in March, to facilitate stablecoin transactions, turning “crypto wallets into new digital bank accounts for seamless global transactions.” This will let businesses, neobanks, and other payment participants manage payouts and disbursements more efficiently, improving cross-border money transfers, and help businesses offer stablecoin-based payouts to gig workers, contractors and creators.