Tag: AI

Meet Your Newest Insider Threat.

victorwingsing Leave a comment

It Doesn’t Have a Leaving Date. It Doesn’t Sleep. And It Has Access to Everything.

Let me introduce you to Dave.

Dave from Compliance is lovely. He’s leaving next Friday, he’s just retired, and he’s just discovered he can sync his entire OneDrive to his personal laptop. Dave isn’t doing this maliciously. He’s just a human with a deeply misguided sense of which files are ‘his’.

Now meet Dave’s replacement. No notice period. No offboarding checklist. No HR signal. It’s an AI agent ….and it’s already inside your environment, reading files, summarising documents, and traversing your SharePoint sites at machine speed. The agent doesn’t mean any harm. But if your data estate is a digital junk drawer with no labels, no classification, and no DLP, it doesn’t need to.

The Insider Risk Problem Just Got a Lot More Complicated

Insider risk has always been a human behaviour problem. The firewall was never the issue. It was always the person on the other side of it. But the conversation has shifted. Dramatically.

The Gurucul 2026 Insider Risk Report, produced in partnership with Cybersecurity Insiders, reports that 94% of organisations say AI adoption is increasing their insider risk exposure, 74% describe that increase as moderate or significant, and 90% experienced at least one insider incident in the past 12 months. These are not niche concerns. That is the entire market sweating through its shirts.

For UK financial services firms, the stakes are even higher. The FCA’s PS26/2 rules on operational resilience set incident reporting deadlines that begin in 18 March 2027, which means that ‘we did not know’ is no longer a defensible position. An Insider Risk Management programme is not a nice-to-have. It is a regulatory expectation wearing a cybersecurity badge.

Enter the Digital Insider

Risky AI usage is no longer limited to someone pasting a sensitive paragraph into a chatbot. The bigger shift is that AI is becoming part of day-to-day business operation. With Copilots, custom agents, and autonomous workflows can now retrieve files, reason across multiple sources, generate summaries from sensitive material, and in some cases take action on a user’s behalf.

Experts describe agentic AI as a new class of ‘digital insider’. Gartner predicts that 40% of enterprise applications will integrate task-specific AI agents by the end of 2026, up from less than 5% today. These agents are not malicious. But they are privileged, persistent, and capable of operating at machine speed. All without a leaving date, a notice period, or a natural sense of ‘I probably shouldn’t be reading this.’

The Microsoft Security Blog cites Microsoft Data Security Index findings that 84% of organisations want greater confidence in managing data input into AI applications, while 78% of users admit to bringing their own AI tools to work. The risk is not theoretical. It is already in your environment.

What Makes Agentic AI Different from Dave

A traditional user might search for one document at a time, open a small set of files, and manually decide what to do next. An agent does something very different.

  • It can query SharePoint sites, Teams content, emails, and repositories in rapid sequence.
  • It can pull fragments from many locations and assemble a high-value answer from data that was never intended to be viewed together.
  • It can surface confidential project plans, customer records, financial forecasts, source code, and credentials stored in long-forgotten collaboration spaces.
  • Security researchers have shown that prompting and retrieval patterns can be abused to turn AI assistants into reconnaissance tools – asking them to identify where passwords, keys, legal terms, or commercially valuable information may exist
    • This is something I’ve tried in multiple clients, a simple search by Copilot to look for documents with the words passwords (these are documents that are shared using ‘People in the Organisation’ option showed a handful of documents in .xlsx and some even in .docx format).

The risk expands further with computer-use style capabilities. Microsoft Copilot Studio’s computer use feature allows an agent to interact with web and desktop applications through a virtual mouse and keyboard. If a person can click through a finance app, enter data into a legacy system, or extract values from a browser session: an agent may be able to do the same. The desktop becomes another high-value discovery and potential exfiltration surface.

The key risk is shifting from simple data exposure to delegated authority. The real concern is not only whether AI can see sensitive data – but whether it can use that data inside connected workflows, across systems, and without the natural limitations of human judgement or working hours.

The Foundation You Cannot Skip

Before you can detect a Digital Insider — human or machine — you need to know what they are after. This is where most programmes collapse: they try to run IRM on top of a data estate that is basically a digital junk drawer.

The foundation is threefold, and none of it is optional:

1. Sensitivity Labels. Your data classification backbone. Without them, every file looks equally important — which means nothing is. In Microsoft Purview, labels like Public, Internal, Confidential, and Highly Confidential give you a taxonomy that both humans and automation can understand.

2. Sensitive Information Types (SITs). The pattern-matching engines that recognise credit card numbers, National Insurance numbers, bank account details, and custom regulatory identifiers. You cannot build DLP or IRM without tuned SITs.

3. Data Loss Prevention (DLP). Your first line of defence. It stops the easy mistakes — the accidental email to a personal account, the unsanctioned USB copy, the public SharePoint link. Crucially, DLP gives you the enforcement muscle before IRM gives you the investigative nuance.

If you do not have these three in place, your Insider Risk Management programme is just a very opinionated alerting system with no teeth.

An AI agent cannot respect a ‘Highly Confidential’ label if no such label exists. DLP cannot block exfiltration of customer data if DLP is not configured. And you cannot investigate anomalous agent behaviour if you have not defined what ‘anomalous’ means for a non-human actor.

Governing the Digital Insider with Microsoft Purview

The governance response has to be equally modern. Once your data foundation is in place, Microsoft Purview provides several layers specifically designed for the agentic AI era:

  • DSPM for AI: Discovers where AI is interacting with your data, identifies oversharing, and surfaces where sensitive information may be exposed to copilots and agents.
  • AI Observability: Extends visibility by showing how agents interact with files and data sources. Without this, you have a Digital Insider with no oversight.
  • DLP for AI Services: Controls what can be pasted, uploaded, or transferred to AI apps and unmanaged destinations. The built-in ‘Generative AI sites‘ group makes this straightforward to deploy.
  • Insider Risk Management (IRM): Adds behavioural context by correlating risky AI prompts, sensitive responses, exfiltration signals, and agent activity into a complete picture of risk.
  • Adaptive Protection — Dynamically adjusts DLP and device control policies based on the risk level of the user (or the agent). A high-risk agent session triggers stricter clipboard, print, and upload controls in real time.

Where to Start: A Practical Checklist

For practitioners, the message is clear. Treat agents as privileged actors, not just productivity features. Here is a practical starting point:

  • Reduce oversharing in SharePoint and other collaboration systems — tighten permissions and audit ‘Anyone’ and ‘Everyone at Organisation’ links.
  • Apply sensitivity labels across your data estate. Use auto-labelling and Trainable Classifiers to catch what manual labelling misses.
  • Deploy and tune DLP policies — covering endpoints, cloud apps, email, and generative AI interactions.
  • Enable DSPM for AI to discover which AI applications are connected to your environment and what data they can access.
  • Configure IRM for agents to detect anomalous behaviour — excessive data access, unusual file retrieval patterns, or attempts to interact with restricted repositories.
  • Build a cross-functional IRM steering committee. HR, Legal, IT, and Business Leaders all need a seat at the table.
  • Publish a clear Acceptable Use Policy and conduct a DPIA before deploying monitoring at scale.

The common Insider Risks and how to mitigate them

victorwingsing

In Part 1 (read it here), we established the strategic and collaborative foundations of Insider Risk Management.

Now, we move to the practical hands-on application of IRM: how to detect and investigate the specific patterns of insider risk using Microsoft Purview. This section is for those who are ready to implement these controls.

Let’s look at the 4 common patterns (plus an extra special one about AI) that most organisations sees their employees do when they try taking data out of the organisation…whether they are intentional about it or not.

The Departing Employee risk

People sometimes take client lists, pricing files, or other company information when they are about to leave because they think it will help them in their next job. They may want to keep customer relationships, prove their value to a new employer, or make their move to a competitor easier and faster. Some also tell themselves that the information is “theirs” because they worked on it or built those client relationships.

In other cases, the reason is fear or frustration. A departing employee may worry that once they leave, they will lose access to important contacts, documents, or knowledge, so they copy it “just in case.” Even if they do not see themselves as doing something serious, taking company data before leaving can expose the organisation to legal, commercial, and security risk.

Insider Prevention tip: Use HR connectors to flag resignations. Configure a policy that monitors for unusual collecting/sharing 90 days pre-departure.

Inside Purview Insider Risk Management > Head to Policy then select the template Data theft by departing users. Then Select the HR connector configuration screen for Insider Risk Management. This is used to import resignation or employment status data for departing employee risk indicators.

Here’s the link on how to setup the connector: LINK

How to use these settings: Configure the HR connector to bring in employee status changes, such as resignations or planned departures. After the connector is active, map the relevant HR fields correctly and verify that departing users are being detected. You can then use this signal in an Insider Risk Management policy to increase scrutiny during the pre-departure window.

The Email to self risk

The “remote work” excuse – emailing sensitive attachments to their own personal accounts (Gmail, Outlook.com, etc).

Mitigate this by creating a policy for detecting emails with attachments sent to personal email accounts or other external recipients.

How to use these settings: Select indicators for email activity to external recipients and focus on messages that include attachments. If available in your configuration, narrow the scope to personal domains and combine the policy with sensitivity labels or priority content so that high-value data is reviewed first.

Implementation Tip: Detect emails with attachments to personal domains. Correlate this with sensitivity labels to prioritise high-value data.

The Drip transfer risk

There are users who try to be sneaky by diong small, repeated transfers over time that individually look benign but collectively represent a significant leak.

To mitigate this, set your threshold or sequence settings for repeated low-volume transfers to the same external recipient over time. You can even use the same policy as the Email to Self policy above.

How to use these settings: Set thresholds that look for repeated actions rather than one large event, such as multiple small sends to the same recipient across several days. Tune the volume, frequency, and time window so the policy can identify slow exfiltration patterns without creating too many false positives.

Implementation Tip: Set thresholds for repeated sends to the same external recipient. Use volume-based triggers to catch this slow-and-steady exfiltration.

The “Detour” risk

This is when a user is blocked by DLP and immediately tries a workaround (e.g., downgrading a sensitivity label or using a personal device).

Modify your policy configuration to look for sequence of events where a user has experienced the following: DLP block events, sensitivity label downgrade signals, or related sequence detection settings for attempted workarounds.

How to use these settings: Configure the policy to look for a DLP block followed by a related action that suggests circumvention, such as a label downgrade or a second attempt through another route. The key is to use sequence-based detection so the system recognises the pattern of behaviour, not just a single isolated event.

Implementation Tip: Trigger on DLP blocks followed by label downgrades. This pattern is a strong indicator of intentional circumvention.

The Agentic AI risk

AI agents and copilots now act on behalf of users, accessing and moving data. 94% of organisations report AI is increasing insider risk. If your organisation does not have the basic data proctection control, there is a high-likelihood of data risk.

To mitigate this risk: Use both Purview Insider Risk Mnanagement and Purview Data Security Posture Managenent to create policies that specifically looks for risky AI usage.

Similar to you basic policies, you can create thresholds to identify false positives to true positives.

Conclusion: Starting Small, Thinking Big

Don’t try to boil the ocean. Start with a pilot group (e.g., M&A or Finance). Insider Risk Management is a journey of cultural and technical maturity.

It’s about building a resilient organisation where data is respected, privacy is protected, and risk is managed collaboratively.

AI Implementation Failures: What We Learned from 2024

victorwingsing

My news feed is filled with “A Year in Review” of what happened in 2024 and the thing that stood out to me was 2024 was a bit of a mess for AI implementations.

From chat-bots giving illegal advice to fake content flooding our news and social media feeds (I’m pretty sure that I’m not the only ones who’ve seen the Pope wear a cool puffy jacket)

Credit: https://x.com/skyferrori/status/1639647708154675200?mx=2

So how did we get here:

The rush to implement AI solutions was largely driven by market pressure and FOMO (Fear of Missing Out). Companies, desperate to stay competitive, rushed to deploy AI solutions without proper governance frameworks or security controls. Board rooms worldwide echoed with demands for “AI strategy,” often without understanding what that actually meant for their business.

This perfect storm was further fueled by the accessibility of AI tools and platforms. What used to require deep technical expertise became available through simple APIs and low-code interfaces. While this democratisation of AI is generally positive, it led to a “wild west” scenario where implementations often outpaced proper security and compliance considerations.

The result? Poor deployment, Terrible user experience and many half-baked AI solutions, security vulnerabilities, and trust issues.

Before You Start: The Boring (But Essential) Bits

Look, I get it – you want to jump straight into the exciting world of AI. But here’s the thing: you need to sort out your data house first. Think of it like baby-proofing your home. Your CISO and security team need to know exactly what data you’ve got, where it lives, and who’s allowed to play with it.

Get your Microsoft Purview DLP policies sorted, tag your sensitive stuff using Purview Information Protection, and make sure you’ve got the right security controls in place. Trust me, this boring bit will save you from some proper headaches later.

The Fix: Four Simple Actionable Steps

  1. Sort Out Your Governance
    • Get an AI committee going
    • Write clear policies on AI usage, Data Protection, etc
    • Set proper standards
    • Actually check if things work (please audit!)
  2. Lock Down Security
  3. Quality Control
    • Keep humans in the loop
    • Test, test, test
    • Watch those outputs (again please run audit checks)
    • Clean data = better results
  4. Smart Implementation
    • Start small, scale later (even on a controlled Copilot for Microsoft 365, pilot it first with a handful of trusted people)
    • Train your people properly, (end-user education is a must)
    • Listen to user feedback
    • Don’t rush it

2024 showed us that rushing in without proper planning is a recipe for disaster. Take your time, do it right, and maybe we won’t see your company in next year’s “AI Fails” list.

Other Sources: