News Analysis | 27 June 2026
I spent the morning testing a Microsoft 365 Copilot tenant for a client last week. The IT team told me Copilot was locked down, that Microsoft had handled it. The tenant was clean. What we found instead was a policy gap big enough to drive a data exfiltration truck through. That is the real story this week: vendors are shipping AI features faster than security teams can keep up, and attackers are already inside the gap.
81% of security teams have no visibility into AI-generated code in their own repositories, according to industry surveys cited in the 2026 Enterprise AI Security Index.
The Screen Is Deceiving You
Tuesday’s NCSC warning was blunt: hostile states are now linked to roughly three-quarters of cyber attacks on UK critical infrastructure, and AI is the accelerant. At the same time, the US White House published updated AI cybersecurity guidance with a 30-day implementation window that puts federal agencies on a hard deadline for vulnerability scanning, patch coordination, and exposure management. The message from both sides of the Atlantic is the same: get the basics right, move fast, or assume compromise.
The most practical threat this week is privilege drift in AI-connected tools. Microsoft 365 Copilot, Google Workspace assistants, and GitHub Copilot all operate with implicit user permissions. If a user can access an email thread, the AI can read it. If the user can download a patient record or a contract, the AI can summarise it. That is not a design flaw. It is a trust model that security teams have not yet caught up with. The Cycode 2026 AI security report confirms that public AI security incidents rose 56.4% from 2023 to 2024 and are still climbing.
What This Means
You do not need a new budget to reduce the worst exposure. Start with identity and access for AI integrations. Review which applications can call your AI tools. Check whether service accounts used by Copilot or similar agents are over-provisioned. Turn off any AI connector that has no current business case. Second, treat AI-generated content as untrusted input. Code, emails, and documentation created by AI can carry hidden instructions that trigger when humans or other AI systems read them. That is not science fiction. OWASP Top 10 for LLM Applications lists prompt injection as the number one AI-native attack vector, and major vendors are now shipping runtime protections. If you are not running those protections, you are exposed.
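The access review described above can be run as a repeatable check rather than a one-off walkthrough. The sketch below is an added example, not code from any vendor or from the engagement described here: the inventory records, field names, the 90-day window and the choice of which scopes count as tenant-wide are all assumptions, and the sample data is constructed.

```python
from datetime import date

# Constructed inventory, one record per AI connector or service account.
# Field names are hypothetical, not any vendor's export format.
INVENTORY = [
    {"name": "copilot-mail-connector", "owner": "it-ops",
     "business_case": "Exec mailbox summaries",
     "granted": {"Mail.Read", "Files.Read.All", "Sites.Read.All"},
     "used_90d": {"Mail.Read"}, "last_used": date(2026, 6, 20)},
    {"name": "legacy-chatbot-svc", "owner": None, "business_case": None,
     "granted": {"Files.Read.All"}, "used_90d": set(),
     "last_used": date(2025, 11, 2)},
    {"name": "code-assistant", "owner": "eng-platform",
     "business_case": "IDE completions",
     "granted": {"User.Read"}, "used_90d": {"User.Read"},
     "last_used": date(2026, 6, 26)},
]

BROAD_SCOPES = {"Files.Read.All", "Sites.Read.All"}  # assumption: treated as tenant-wide read
STALE_DAYS = 90                                      # assumption: review window

def audit(record, today):
    """Return (action, findings) for one connector record."""
    findings = []
    # Privilege drift: scopes granted but never exercised in the window.
    unused = record["granted"] - record["used_90d"]
    if unused:
        findings.append("unused scopes: " + ", ".join(sorted(unused)))
    if unused & BROAD_SCOPES:
        findings.append("unused tenant-wide scope")
    no_case = not record["business_case"] or not record["owner"]
    stale = (today - record["last_used"]).days > STALE_DAYS
    if no_case:
        findings.append("no owner or business case")
    if stale:
        findings.append("stale")
    # No business case, or idle with nothing used: turn it off.
    if no_case or (stale and not record["used_90d"]):
        return "disable", findings
    return ("reduce" if unused else "keep"), findings

def audit_all(inventory, today):
    """Map connector name -> (action, findings)."""
    return {r["name"]: audit(r, today) for r in inventory}

if __name__ == "__main__":
    for name, (action, notes) in audit_all(INVENTORY, date(2026, 6, 27)).items():
        print(f"{name:24} {action:8} {'; '.join(notes) or '-'}")
```

The useful output is the "reduce" bucket: connectors that have a legitimate purpose but hold scopes they never exercise, which is where drift accumulates unnoticed.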
AI security is not a product you buy. It is a governance decision you make every time you connect a new data source to an AI tool.
