Here is your quick look at the most important shifts happening across the tech and AI landscape right now. We broke down the latest market moves, a critical security tool to check out, and a practical workflow to secure your internal AI agents.
1️⃣ Microsoft Copilot Cowork and OpenAI’s newest acquisition.
2️⃣ Promptfoo for automated security testing.
3️⃣ Securing internal Copilot-style agents.
4️⃣ The transition to managed AI infrastructure.
1️⃣ Microsoft Copilot Cowork and OpenAI’s newest acquisition.
Microsoft launches Copilot Cowork
Microsoft just rolled out Wave 3 of M365 Copilot, introducing a cloud-based AI agent that executes long-running, multi-step tasks across Outlook, Teams, SharePoint, and Excel. Interestingly, it uses Anthropic’s Claude as the reasoning engine. This update introduces Agent 365, a control plane to observe and secure all AI agents, packaged within a new E7 “Frontier Suite” at $99 per user per month. Third-party tools like Adobe and Figma can now plug in via MCP standards, transforming M365 into a massive, cross-vendor agent hub.
OpenAI acquires Promptfoo
OpenAI acquired Promptfoo to harden its enterprise agents. Promptfoo’s red-teaming, prompt-injection detection, and jailbreak testing will now sit natively inside OpenAI Frontier. More than 350,000 developers already use Promptfoo's tooling. By bringing this in-house, OpenAI is setting a new default standard for security testing in agent development.
2️⃣ Promptfoo for automated security testing.
Promptfoo
Promptfoo provides automated evaluation, red-teaming, and security testing for LLM applications and agents.
What it does: It runs automated tests for prompt injections, data leaks, tool misuse, and compliance via a simple CLI and API.
Who it serves: Developers, security professionals, and ML teams shipping AI apps who need systematic testing before pushing to production.
Why it matters right now: With OpenAI wiring Promptfoo directly into Frontier, this tool is becoming the gold standard for production-ready AI agents. Using it now aligns your internal practices with the future of enterprise platforms.
3️⃣ Securing internal Copilot-style agents.
Secure your internal AI agents before rollout
You can implement a robust security process for your AI agents today, whether you use Microsoft, OpenAI, or custom stacks.
Define the blast radius: Document exactly what data sources your agent can access (like code repos or CRM tickets). Explicitly list what it must never output, such as PII or financial secrets.
Integrate evaluation early: Add an evaluation tool like Promptfoo into your CI pipeline. Set it to run red-team prompts automatically on every code change to catch jailbreak attempts and data exfiltration.
Gate your deployments: Configure your pipeline to block deployment automatically if evaluations cross your defined risk thresholds.
Route telemetry to governance: Export your evaluation reports and logs directly to your SIEM dashboard (like Splunk or Datadog) so your security team can monitor behavior over time. If you use Microsoft, map the agent into Agent 365.
Iterate with policy: Use recurring test failures to update your system prompts and technical controls. Adjust your tooling scopes and RAG filters before you scale the agent to more users.
4️⃣ The transition to managed AI infrastructure.
Agentic AI is officially moving out of the experimental phase and into managed infrastructure. Microsoft’s Agent 365 and OpenAI’s integration of Promptfoo show that AI agents will live securely inside existing productivity stacks, not as rogue side projects.
Procurement and security teams will soon expect built-in evaluation, red-teaming, and observability as basic requirements. Developers who learn to ship agents with CI-based testing and auditable behavior will sail through enterprise approvals much faster. For founders, building tools that pass these strict security policies by default is your new competitive advantage.
Help us spread the word!
If you found this breakdown useful, please forward it to a colleague or share it with your team. We also want to hear from you—reply to this email and let us know what stack your team relies on most (Microsoft 365, Google Workspace, or custom dev tools) so we can tailor next week’s workflow to your exact environment.