Introducing Trust Center RAG Chatbot for security compliance

Intelligent apps can transform your operations and help you take advantage of cloud-native tools and capabilities. How do you get started? Read this Microsoft Azure eBook explaining seven significant use cases where intelligent apps make a difference, from monitoring connected smart products and providing personalized recommendations to customers to creating automated AI copilots and detecting anomalies to protect against fraud.

Every morning I log into VPN, tap my MFA app… and suddenly I’m on my phone. A quick approval turns into a glance at messages, headlines, or notifications. Harmless? Maybe once. But across a workday — those micro-moments add up. Studies show it takes 23 minutes on average to regain full focus after a digital interruption. And the average knowledge worker unlocks their phone 50–70 times a day. That means every “just approve this login” could quietly drag productivity down — not because MFA is bad, but because it lives on the same device that hijacks our attention. Multiply that across every login, every employee… and you start to see it: Millions of hours of focus lost to security done right but designed wrong. Meanwhile, AI keeps accelerating — writing faster, coding faster, analyzing faster. Maybe the real competition isn’t the algorithm. Maybe it’s the phone. I don’t have the perfect fix. But I’ve started small — using desktop authenticators, silencing notifications, and extending MFA sessions for low-risk tools. Even reclaiming a few minutes of true focus each day feels like winning back ground — from the machines, and from myself.

Tired of doing the same tasks every day? I recently published a detailed guide on how I use n8n to automate workflows, integrate tools, and save hours every week — all without writing much code. This post covers real examples of how automation can streamline everything from notifications to data processing, whether you’re a developer, marketer, or just someone who loves efficiency. 👉 Read the full guide here: https://lnkd.in/dEHKzG5J Would love to hear what workflows you’ve automated or plan to build next. #Automation #n8n #Productivity #WorkflowAutomation #NoCode

Empower UK businesses to build smarter, safer, and more efficient Power Platform solutions. With Microsoft’s Power CAT Tools, developers can streamline code reviews, automate documentation, and strengthen security—all while accelerating innovation and compliance. Explore how DynaTech Systems helps UK organisations simplify and scale with Power CAT Tools. https://lnkd.in/dRhagVAh

3rd post this week for me as we have a lot of things to share. Bill is back again!!! (Sound on!) Everything you’ve built can be gone in an instant! Make sure you have the right protection in place. One tiny pop. ✂️🎈That’s all it takes. You’ve built something remarkable. A trusted brand. Loyal customers. Years of credibility. A strong reputation. Then it happens: one tiny pop. 📂 One file shared with ‘Anyone with a link’ sharing settings. 👤 One over-permissioned former employee. 👻 One shadow AI app with access to your Google Drive. 📤 One confidential report sent to a personal email. Everything you’ve built - gone in an instant. One mistake, and tomorrow’s headline writes itself. 🗞️ One pop can end it all. Protect your reputation. Protect your data. Prevent your pop. #saassecurity #saasdlp #apicasb #sspm #insiderthreat #missconfiguration

Most CISOs know the truth: buying a new tool is only part of the job. That shiny new security vendor solves a problem, but it immediately creates three new ones: * how do you make it work within your organization? * how do you integrate the data within your existing solutions/datalakes/dashboards etc. That’s the messy, invisible work that turns a great purchase into expensive shelfware. The win isn't just the detection capability; it’s making the results actionable. Teams shouldn’t be spending hours a day pulling data out of Tool A, transforming it, and pushing it to Tool B. That manual cycle is where burnout lives and where risks slip through the cracks. It's time to stop treating tools as isolated islands. Focus your investment not just on what a tool finds, but on how easily that information flows into your existing processes. Orchestration is the key to finally getting the ROI you were promised. If you want to automate time-consuming Application Security tasks, Smithy Security can help you. #AppSec #SecurityOrchestration #DevSecOps #AppSecTools

🚀 Day 22 of 30 Days to Agentforce Expert Challenge: Deploy Agent Authentication (https://lnkd.in/geFPjMbH) This module was a project for one of the most important aspects of building an enterprise - grade AI: Authentication. It's about making the Agent smart enough to know who it's talking to & to change its behavior accordingly. An Agent's actions & available topics shouldn't be the same for a public guest user as they are for a logged-in employee or customer. This module covered the hands-on process of building a secure, context-aware Agent that respects user permissions and data. 1. 𝐓𝐡𝐞 𝐂𝐨𝐫𝐞 𝐂𝐨𝐧𝐜𝐞𝐩𝐭: Authentication-Driven AI An enterprise Agent must be dynamic. The goal is to control the visibility and operation of its skills (Topics and Actions) based on the user's identity. ► 𝐆𝐮𝐞𝐬𝐭 𝐔𝐬𝐞𝐫: Should have access to public, general-knowledge topics (e.g., "Learn about our products," "General FAQs"). ► 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐞𝐝 𝐔𝐬𝐞𝐫: Should get access to personal, secure actions (e.g. "Check my case status," "Update my contact info," "Cancel my order"). 2. 𝐅𝐢𝐥𝐭𝐞𝐫𝐬 𝐚𝐧𝐝 𝐕𝐚𝐫𝐢𝐚𝐛𝐥𝐞𝐬: The "How-To" The project teaches you to control this access using context variables and filters. ► 𝐂𝐨𝐧𝐭𝐞𝐱𝐭 𝐕𝐚𝐫𝐢𝐚𝐛𝐥𝐞𝐬: You use a variable like IsGuestUser (which is a simple boolean) to track whether the user is logged in or not. ► 𝐀𝐩𝐩𝐥𝐲𝐢𝐧𝐠 𝐅𝐢𝐥𝐭𝐞𝐫𝐬: You can then apply filters to specific Topics or Actions based on this variable. 𝐄𝐱𝐚𝐦𝐩𝐥𝐞: The "Cancel Order" action would have a filter: IsGuestUser = false. If a guest user tries to access it, the Agent's reasoning engine sees the filter and won't execute the action, prompting the user to log in instead. 3. 𝐓𝐞𝐬𝐭𝐢𝐧𝐠 𝐁𝐨𝐭𝐡 𝐒𝐜𝐞𝐧𝐚𝐫𝐢𝐨𝐬: You can't just test one path. The project emphasized testing the Agent's behavior from both perspectives. ► 𝐓𝐞𝐬𝐭 1 (𝐀𝐬 𝐆𝐮𝐞𝐬𝐭): You run a preview and confirm that when you ask to "cancel my order," the Agent correctly tells you that you need to log in first. ► 𝐓𝐞𝐬𝐭 2 (𝐀𝐬 𝐀𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐞𝐝 𝐔𝐬𝐞𝐫): You simulate a logged-in user and ask the same question. This time, the Agent should see you're authenticated, bypass the filter, and proceed with the action. 📚 𝐁𝐢𝐠𝐠𝐞𝐬𝐭 𝐓𝐚𝐤𝐞𝐚𝐰𝐚𝐲: Authentication is what truly connects the AI to the Salesforce platform's core strength: the secure, 360-degree view of the user. It’s not just a security "gate" to lock users out; it's a "guide" that allows the Agent to provide a truly personalized, relevant & secure experience. This is what makes an Agent a personal assistant & not just a public chatbot. #Salesforce #Agentforce #AI #Security #CRM #Trailblazer #ContinuousLearning #30DayChallenge

One thing you shouldn’t miss this week: The OpenID Foundation’s October 2025 whitepaper on Identity Management for Agentic AI. It’s one of the first serious attempts to define how authentication, authorization, and identity should evolve for autonomous agents. Some key takeaways from the paper: 1. Dynamic Client Registration introduces a critical security flaw. — It creates large numbers of anonymous clients with no link to a real developer or accountable party. 2. Agent identity must include metadata. — Identity should be enriched with attributes such as model, version, and capabilities to enable risk-based access control. 3. Agents should use true “on-behalf-of” flows. — Access tokens must contain distinct identities for both the user and the agent to preserve accountability. 4. Recursive delegation requires scope attenuation. — Each step in a delegation chain must progressively and verifiably narrow permissions. 5. Revocation and de-provisioning are foundational for safety. — Revocation must propagate through the ecosystem; de-provisioning permanently removes an agent’s identity and entitlements. 6. Asynchronous authorization is necessary. — Client-Initiated Backchannel Authentication (CIBA) supports delayed, out-of-band human approval for agent operations. 7. Auditability depends on dual-principal records. — Logs must capture both the human principal and the agent actor using claims such as act in JWTs. 8. Browser and computer-use agents bypass traditional authorization. — These agents operate at the presentation layer, requiring new authentication mechanisms like Web Bot Auth. 9. Policy-as-code enables scalable consent. — Users define high-level intent policies that set operational boundaries for agents instead of approving each action. 10. IAM functions as a safety system. — In cyber-physical contexts, authorization policies define the agent’s safe operational envelope and enforce human oversight.

🏛️ Federal Friday Foresights...Google’s integration of Workspace + Gemini is accelerating how federal agencies deliver work: • Draft emails, reports, even videos — fast • Cut project timelines from ~90 days to 1–2 weeks • Built-in security, compliance, and AI-powered assistance Want to see how this plays out in federal operations? Read more: https://lnkd.in/gCdqSBYQ #WhereTodayMeetsTomorrow #FridayFederalInsights #AI #GovTech #DigitalTransformation #Workspace #SIS CDW

🔒 AI-powered browser extensions are transforming workplace productivity. But at what risk? Seraphic COO Suresh Batchu dives into this critical topic in his new article for Dark Reading. From prompt injection and regulatory compliance challenges to the growing threat of unmanaged extensions and social engineering, Suresh breaks down the new attack surface introduced by #AIBrowsers. Legacy tools miss these risks, but Secure Enterprise Browsers like Seraphic help you stay ahead. 👉 Read Suresh's expert insights for actionable guidance: https://okt.to/6nm3Br #AIsecurity #BrowserSecurity #Seraphic