Pen Test Partners, a company that specializes in security consulting, specifically penetration testing took a close look at how Microsoft’s Copilot AI for SharePoint could be exploited. The results were, to say the least, concerning. Not least considering an encrypted spreadsheet that the hackers were, quite rightly, rejected from opening by SharePoint, no matter what method was employed, was broken wide open when they asked the Copilot AI agent to go get it. “The agent then successfully printed the contents,” Jack Barradell-Johns, a red team security consultant with the security company, said, “including the passwords allowing us to access the encrypted spreadsheet.” Barradell-Johns explained that during the engagement, the red teamers encountered a file named passwords.txt, located adjacent to an encrypted spreadsheet containing sensitive information. Naturally, they tried to access the file. Just as naturally, Microsoft SharePoint said nope, no way. “Notably,” Barradell-Johns said, “in this case, all methods of opening the file in the browser had been restricted.” The download restrictions that are part of the restricted view protections were circumvented, and the content of the Copilot chats could be freely copied. “SharePoint information protection principles ensure that content is secured at the storage level through user-specific permissions and that access is audited. This means that if a user does not have permission to access specific content, they will not be able to view it through Copilot or any other agent. Additionally, any access to content through Copilot or an agent is logged and monitored for compliance and security.”
Gemini Advanced users can now directly add a public or private codebase on GitHub, to the chatbot to allow it to generate and explain code, debug existing code, and more
Gemini, Google’s AI-powered chatbot, can now connect to GitHub — for users subscribed to the $20-per-month Gemini Advanced plan, that is. Gemini Advanced customers can directly add a public or private codebase on GitHub to Gemini to allow the chatbot to generate and explain code, debug existing code, and more. Users can connect GitHub to Gemini by clicking the “+” button in the prompt bar, selecting “import code,” and pasting a GitHub URL. A word of warning: AI models, including Google’s, still struggle to code quality software. Code-generating AI tends to introduce security vulnerabilities and errors, owing to weaknesses in areas like the ability to understand programming logic. One recent evaluation of Devin, a popular AI coding tool, found that it could only complete three out of 20 programming tests.
Microsoft Copilot AI for SharePoint can access the contents of encrypted spreadsheet including restricted passwords by circumventing download restrictions and information protection principles
Pen Test Partners, a company that specializes in security consulting, specifically penetration testing took a close look at how Microsoft’s Copilot AI for SharePoint could be exploited. The results were, to say the least, concerning. Not least considering an encrypted spreadsheet that the hackers were, quite rightly, rejected from opening by SharePoint, no matter what method was employed, was broken wide open when they asked the Copilot AI agent to go get it. “The agent then successfully printed the contents,” Jack Barradell-Johns, a red team security consultant with the security company, said, “including the passwords allowing us to access the encrypted spreadsheet.” Barradell-Johns explained that during the engagement, the red teamers encountered a file named passwords.txt, located adjacent to an encrypted spreadsheet containing sensitive information. Naturally, they tried to access the file. Just as naturally, Microsoft SharePoint said nope, no way. “Notably,” Barradell-Johns said, “in this case, all methods of opening the file in the browser had been restricted.” The download restrictions that are part of the restricted view protections were circumvented, and the content of the Copilot chats could be freely copied. “SharePoint information protection principles ensure that content is secured at the storage level through user-specific permissions and that access is audited. This means that if a user does not have permission to access specific content, they will not be able to view it through Copilot or any other agent. Additionally, any access to content through Copilot or an agent is logged and monitored for compliance and security.”
PayPal and Venmo to enable instant in-chat checkout, supporting agentic commerce within Perplexity’s AI answer engine; account linking, tokenized wallet and passkey checkout flows would eliminate the need for passwords
Perplexity has partnered with PayPal to power agentic commerce across its Perplexity Pro platform. Starting this summer in the U.S., consumers can check out instantly with PayPal or Venmo when they ask Perplexity to find products, book travel, or buy tickets. ”This partnership unlocks new possibilities, where conversations now drive commerce,” said Alex Chriss, President and CEO of PayPal. ”We’re making it easy and secure to shop right in the chat when inspiration strikes. It’s a powerful step in making conversational commerce a reality.” The entire process, including payment, shipping, tracking, and invoicing will be handled behind the scenes with PayPal’s account linking, secure tokenized wallet and emerging passkey checkout flows, which could eliminate the need for passwords and streamline the experience to a single user query or click. Key features include: Agentic Commerce: Integration of PayPal’s commerce solutions, enabling users to buy products or services directly in Perplexity’s chat interface. Global Reach: Expanding Perplexity’s commerce tools to PayPal’s 430+ million active accounts across approximately 200 markets. Secure Transactions: Leveraging PayPal’s robust fraud detection and data security protocols.
Moderne and Diffblue partner to support app modernization by combining automated and deterministic code refactoring across entire codebases and agentic AI testing to catch potential bugs before they happen
Automated code refactoring company Moderne and AI-powered unit test writing agent developer Diffblue announced a partnership to deliver an integrated solution for enterprise application modernization. By joining forces, the two companies aim to help large organizations will be able to upgrade and modernize applications based on extremely large codebases with greater speed with less worry. The collaboration combines Moderne’s code transformation capabilities with Diffblue’s autonomous agentic AI testing capabilities to catch potential bugs before they happen. Moderne is built on the OpenRewrite open-source project, which provides automated, safe and scalable transformation across entire codebases. It’s deterministic, which means that it’s predictable for any task, including cloud migration, framework upgrades, security fixes and language updates. That’s important because the larger the codebase, the greater the chance that any update could introduce an issue — updating from an older version of Java, for example, version 8 to a more modern version such as 17. Through the integration, Diffblue’s testing capabilities will be built directly into Moderne’s OpenRewrite recipes so they can run at large scale during application transformation. They will also be activated within Moderne’s multi-repository AI agent, Moddy, to provide test coverage for mass-scale changes.
JPMorgan Chase completes the first settlement of tokenized treasury trade on Ondo’s public blockchain; moving away from its long-held private blockchain model
JPMorgan Chase has been steadily developing its own blockchain tech for years. But, instead of integrating it with public blockchains, the U.S.’s largest bank has taken what many in crypto call the “walled garden” approach and built out a private network only its customers can use. Now, JPMorgan is venturing beyond that garden. It announced that it had settled a transaction on a public ledger with the help of the crypto firms Chainlink and Ondo Finance. In early May, JPMorgan’s blockchain division, Kinexys, transferred money between two accounts on its private blockchain to settle the purchase of tokenized treasuries on Ondo’s public ledger. (Tokenized treasuries are money market funds that live on the blockchain.) To trigger the payment, JPMorgan used Chainlink, a communication protocol that lets blockchains process outside information. This is the first time JPMorgan has built out a structure to interface with a public blockchain, said Nelli Zaltsman, head of platform settlement solutions at Kinexys. “This is not just another POC [proof of concept],” added Sergey Nazarov, cofounder of Chainlink. “This is the beginning of something big.” Nazarov added that the structure is on track for “production,” a term for when software is ready for more widespread use.
Boomi and AWS partner to offer a centralized management solution for deploying, monitoring, and governing AI agents across hybrid and multi-cloud environments with built-in support for MCP via a single API
Boomi announced a multi-year Strategic Collaboration Agreement (SCA) with AWS to help customers build, manage, monitor and govern Gen AI agents across enterprise operations. Additionally, the SCA will aim to help customers accelerate SAP migrations from on-premises to AWS. By integrating Amazon Bedrock with the Boomi Agent Control Tower, a centralized management solution for deploying, monitoring, and governing AI agents across hybrid and multi-cloud environments, customers can easily discover, build, and manage agents executing in their AWS accounts, while also maintaining visibility and control over agents running in other cloud provider or third-party environments. Through a single API, Amazon Bedrock provides a broad set of capabilities to build generative AI applications with security, privacy, and responsible AI in mind, including support for Model Context Protocol (MCP), a new open standard that enables developers to build secure, two-way connections between their data and AI-powered tools. MCP enables agents to effectively interpret and work with ERP data while complying with data governance and security requirements. Steve Lucas, Chairman and CEO at Boomi. “By integrating Amazon Bedrock’s powerful generative AI capabilities with Boomi’s Agent Control Tower, we’re giving organizations unprecedented visibility and control across their entire AI ecosystem while simultaneously accelerating their critical SAP workload migrations to AWS. This partnership enables enterprises to confidently scale their AI initiatives with the security, compliance, and operational excellence their business demands.” Apart from Agent Control Tower, the collaboration will introduce several strategic joint initiatives, including: Enhanced Agent Designer; and New Native AWS Connectors and Boomi for SAP.
Capgemini’s mainframe modernization offering automates legacy code analysis and extraction of business rules using a set of generative AI agents
Capgemini has launched a new offering that enables organizations to unlock greater value from their legacy systems at unprecedented speed and accuracy. The new approach, powered by generative and agentic AI, allows organizations to gain cost savings, agility, and a significant improvement in data quality. It converts legacy mainframe applications into modern, agile, and cloud-friendly formats that can run more efficiently either on or outside of a mainframe. Capgemini’s automated mainframe application refactoring uses tools and techniques to automatically convert legacy mainframe applications, such as those written in COBOL, into modern architecture. The approach is supported by rigorous automated testing for faster, higher-quality transformations and reduced risk for businesses. Capgemini’s experience in delivering large and complex mainframe modernization programs, market leadership in AI, deep domain knowledge, and broad understanding of complex industry regulations has already delivered tangible results for blue-chip clients.
Boomi and AWS partner to offer a centralized management solution for deploying, monitoring, and governing AI agents across hybrid and multi-cloud environments with built-in support for MCP via a single API
Boomi announced a multi-year Strategic Collaboration Agreement (SCA) with AWS to help customers build, manage, monitor and govern Gen AI agents across enterprise operations. Additionally, the SCA will aim to help customers accelerate SAP migrations from on-premises to AWS. By integrating Amazon Bedrock with the Boomi Agent Control Tower, a centralized management solution for deploying, monitoring, and governing AI agents across hybrid and multi-cloud environments, customers can easily discover, build, and manage agents executing in their AWS accounts, while also maintaining visibility and control over agents running in other cloud provider or third-party environments. Through a single API, Amazon Bedrock provides a broad set of capabilities to build generative AI applications with security, privacy, and responsible AI in mind, including support for Model Context Protocol (MCP), a new open standard that enables developers to build secure, two-way connections between their data and AI-powered tools. MCP enables agents to effectively interpret and work with ERP data while complying with data governance and security requirements. Steve Lucas, Chairman and CEO at Boomi. “By integrating Amazon Bedrock’s powerful generative AI capabilities with Boomi’s Agent Control Tower, we’re giving organizations unprecedented visibility and control across their entire AI ecosystem while simultaneously accelerating their critical SAP workload migrations to AWS. This partnership enables enterprises to confidently scale their AI initiatives with the security, compliance, and operational excellence their business demands.” Apart from Agent Control Tower, the collaboration will introduce several strategic joint initiatives, including: Enhanced Agent Designer; and New Native AWS Connectors and Boomi for SAP.
Apple Vision Pro’s brain interface could leapfrog Neuralink; non-invasive methods could accelerate mainstream adoption of neural interfaces
Apple is developing brain-computer interface (BCI) capabilities that would allow users to control their Apple Vision Pro headset using only their thoughts. This is one of the most significant advances in Apple’s human-computer interaction strategy since the introduction of touch screens on the original iPhone. The technology would use external sensors to detect and interpret neural signals, allowing users to navigate the Vision Pro interface through mental commands. Apple is preparing to launch mind control support for its spatial computing device, though the timeline remains uncertain. The implications extend beyond the Vision Pro, as the same technology could eventually be applied to iPhones and other Apple devices. Apple is implementing strict data protections to ensure the security and privacy of neural data. The development puts Apple in direct competition with companies like Neuralink and Meta, but its focus on non-invasive methods could accelerate mainstream adoption of neural interfaces.