Found something wrong? Have a suggestion? Know about a Microsoft AI security update we've missed? This goes directly to the author – nothing is published publicly.
This site doesn't follow the standard security blog format. It's a curated synthesis – built by reading across Microsoft's official documentation, RSAC announcements, and the field research of practitioners who are closer to the product than most.
Where findings come from specific people – Derk van der Woude's work on Copilot Studio auth patterns, Thalpius's research on orphaned agent identities, Cyphora's Foundry logging analysis – they are named and linked. The goal is to give credit where it belongs and make it easy to go deeper at the source.
The site is independent and not affiliated with Microsoft. It reflects the author's understanding at a point in time – Microsoft updates products frequently and corrections are always welcome. If something here is wrong, outdated, or missing, the form below is the fastest way to get it fixed.
This site does not use cookies, does not track you across other sites, and does not sell your data. The only personal information collected is what you voluntarily submit via the contact form above.
Name and email (if provided) are sent to and stored by Formspree. Used only to respond to your message. Email is optional. Submissions retained as long as needed to respond, then deleted. To request deletion, use the form above.
This site uses Cloudflare Web Analytics – cookieless, no fingerprinting, no individual tracking, no data shared with advertisers. Aggregate anonymised metrics only (page views, referrer, approximate region).
Password-protected, internal only. Messages processed in real time by the Anthropic API and not stored by this site. Sessions are ephemeral – closing the tab clears everything.
This site sets no cookies. Cloudflare may set technical delivery cookies – not used for tracking. See Cloudflare's cookie policy.
Substack handles all newsletter data independently under their own privacy policy. This site has no access to subscriber data.
EEA residents may request access, correction, or deletion of any personal data held (contact form submissions only). Use the form above.
| Service | Purpose | Privacy policy |
|---|---|---|
| Cloudflare Pages | Hosting and delivery | cloudflare.com/privacypolicy |
| Formspree | Contact form processing | formspree.io/legal |
| Anthropic API | AI chat responses | anthropic.com/privacy |
| Substack | Newsletter subscriptions | substack.com/privacy |
This site is operated by Shashank Raina, independent security architect. Not affiliated with or endorsed by Microsoft. Changelog · Last updated: May 1, 2026.