Risky Business #816 – Copilot Actions for Windows is Extremely Dicey
Host: Patrick Gray
Date: November 26, 2025
Episode Overview
This episode explores the rapidly evolving landscape of information security, focusing particularly on the risks introduced by Microsoft's new Copilot Actions for Windows feature, large-scale supply chain attacks, escalating APT activity, regulatory changes, and shifts in how organizations are approaching security fundamentals amid advanced threats and disruptive technology like AI. Patrick Gray and Adam Boileau trade insights, debate implications, and interject their trademark wit as they parse these ongoing issues.
Key Discussion Points & Insights
1. Salesforce & Gainsight Incident – The New Normal in SaaS Breaches
- [00:41-05:59]
- Gainsight, an application integrated deeply with Salesforce, suffered a breach that allowed attackers access to API keys/tokens, leading to exposure of customer data.
- The attack mimics past tactics, likely involving the same “Lapsus$, ShinyHunters” actors.
- Salesforce initially detected suspicious activity and informed Gainsight – showcasing improved detection capabilities post earlier incidents.
- The breach is another example of the risks inherent in interconnected SaaS ecosystems, where one vendor’s weakness can become everyone’s breach.
“...the way this thing works is it's a cloud service, and you have to get an API key from your Salesforce instance, plug it into the cloud service, and then the cloud service interfaces with Salesforce. Which begs the question, why wasn't this IP restricted?...” — Patrick Gray [03:06]
2. Insider Threats and Detection: From CrowdStrike to Intel
- [05:59-09:27]
- The CrowdStrike ‘breach’ ended up being the detection and removal of a malicious insider – an ideal outcome in terms of detection and response.
- Discussion about the difficulty of vetting staff in technical fields, with most organizations ultimately relying on trust plus security monitoring.
- Intel case update: turns out DLP solutions did catch exfiltration attempts, boosting the reputation of controls that are often maligned.
“No organization the size of CrowdStrike is going to be able to completely exclude, you know, a malicious insider. Right? ... being able to detect them and give them the heave ho, that's a good thing. That's a win.” — Patrick Gray [07:08]
3. Geopolitics & Proximity Threats: Russia, China, and Down Under Paranoia
- [09:30-14:49]
- Russian security research firm Positive Technologies publishes a report on tactics of Chinese APT31—a rare example of nation-state tensions surfacing in OSINT.
- The conversation then turns to an Australian Parliamentary advisory, suspecting that proximity of a Chinese delegation might increase espionage risk. This led to disabling WiFi/Bluetooth and urging use of lockdown mode—raising questions about the balance of actionable threats and scaremongering.
“Set fire to your laptop, eat your phone. The Chinese are coming.” — Patrick Gray [13:12]
“...you do start to wonder like, I wonder if there is something actionable, like is there some proximity thing? Because I mean, there have absolutely been proximity based attacks, you know...” — Adam Boileau [13:15]
4. Shai-Hulud/npm Worm Redux – Supply Chain Chaos in the JavaScript Ecosystem
- [16:31-19:47]
- The notorious npm supply chain worm has re-emerged with improved propagation tactics—spreading via malicious packages, stealing secrets, and leveraging GitHub Actions for backdoors.
- Changes underway at npm try to plug gaps, but this is considered a chronic problem due to the dynamic nature of the JavaScript ecosystem.
“...the JavaScript ecosystem just kind of lends itself to these kinds of supply chain attacks. So yeah, we're going to see more of them and like, honestly it's just, you know, it's kind of fun to talk about. I'm glad I'm not a JavaScript dev though.” — Adam Boileau [19:47]
5. Regulatory Rollback: FCC Drops Telco Security Requirements
- [20:04-25:09]
- The FCC reversed minimum baseline security requirements for telcos in the US—despite persistent risks and the example set by recent Chinese intrusions (e.g., “Salt Typhoon”).
- While telcos face real challenges, presenters argue that lack of regulatory ‘external requirement’ ultimately impedes progress, even if regulation is never enough to stop truly advanced threats.
“...telcos don't really have that kind of cultural background of caring about security and so regulation for them maybe is more appropriate...” — Adam Boileau [24:22]
6. Copilot Actions for Windows: Security’s Next Big Headache
- [31:25-36:36]
- Microsoft is previewing AI-powered “Copilot Actions” in Windows, warning users that they probably shouldn’t enable it unless they fully understand the risks—which, by admission, no one really does.
- Patrick and Adam agree this is the “shape of things to come”: security teams won’t be able to block productivity-driving AI, and their role will shift to “enabling it without getting digitally murdered.”
- VX Underground’s X write-up points out most of the agent’s heavy lifting is server-side, further raising privacy and telemetry concerns.
“...they're shipping it and just saying, hey, this is like super experimental... unless you're like a super duper power user, like, don't turn this on. And we can't really, we don't really know what's going to happen here. So they're just hedging the absolute crap here out of this release.” — Patrick Gray [32:38]
“The idea of hooking up an LLM to be able to just like randomly do stuff with your Windows, it sounds terrifying. And you are correct in that they are just going to do it anyway.” — Adam Boileau [32:59]
7. Miscellaneous News Bites
* DDoS record in Australia ([26:46-28:12])
- Microsoft successfully mitigated a massive 15.7 Tbps DDoS attack targeted at an Azure endpoint.
* Cloudflare Outages Highlight WAF Dependency ([28:14-30:51])
- Discussion on how many orgs rely on Cloudflare for WAF, leading to risks during outages.
* SEC SolarWinds Suit Tossed ([25:09-26:46])
- Most of the SEC’s lawsuit against SolarWinds for security disclosure misrepresentation was thrown out—not likely to shift the status quo.
* Fortinet Web Vulnerability Now Mass-Exploited ([36:36-38:34])
- A previously discussed directory traversal/command injection in Fortinet appliances is now fully weaponized and widely exploited.
* Ongoing: Lapsus$-style cybercriminals up for trial in UK ([38:34-39:34])
- Two young defendants plead not guilty to Transport for London attacks and failure to comply with password turnover.
* Moscow coder charged with treason—possibly just for slamming Russia's new state messenger ([39:56-41:39])
- Highlights the dangers of doing “good faith” security research in Russia.
8. Industry Initiative: End the "Hacklore" Public Security Advice
- [41:39-43:37]
- Security pros (including Bob Lord) urge media and peers to stop parroting outdated/pointless advice like “don’t use public WiFi.”
- The letter offers a more rational, modern set of recommendations for the public (patch, password managers, MFA, etc.).
“So it's nice to have something to point to and something that they can kind of go and read on your own, on their own time so that you don't have to, you know, fix their Internet whilst you're at home...” — Adam Boileau [43:16]
9. Humorous Closer: Cryptography Association’s Botched Secure Election
- [44:27-45:34]
- The International Association for Cryptologic Research’s secure election failed when a coordinator lost their key material, annulling the outcome—illustrating that the hardest part of crypto is always the keys.
“It's not the algorithms, it's not the, like, key exchange primitives. It's not all of those things. It's where do we put the damn key?” — Adam Boileau [45:04]
Sponsor Interview Highlights: H.D. Moore of Run Zero
[46:02-57:14]
- On Network Graphs/Bloodhound Integration: Run Zero is experimenting with bringing its asset and topology data into Bloodhound’s open graph model for new visibility into attack paths and relationships.
- Example Query: “Is there any network segment that has both an iPhone and a Cisco router with default SNMP config?” Answering it means correlating relationships, not just attributes.
- On AI in Security: Run Zero uses AI for early vuln detection and data enrichment, and exposes an MCP server for integration into AI-driven agentic platforms.
- On Product Vision: The focus is on providing truly unique primary data—not just aggregating, but discovering relationships and exposures unavailable via inference.
- AI/ML Constraints: Being a self-hosted and SaaS product, Run Zero is cautious about where customer data is sent, differentiating them from others in the space who might “YOLO” sensitive data to LLM providers.
“You can't synthesize your way to the data we provide about network assets...” — H.D. Moore [54:30]
Notable Quotes & Moments
| Timestamp | Speaker | Quote/Paraphrase |
|-----------|---------|------------------|
| 03:06 | Patrick Gray | “Why wasn't this IP restricted to those ranges in the first place?... we need to start having these conversations...” |
| 07:08 | Patrick Gray | “Detecting [an insider] and firing them seems like a win to me...” |
| 13:12 | Patrick Gray | “Set fire to your laptop, eat your phone. The Chinese are coming.” |
| 19:47 | Adam Boileau | “I'm glad I'm not a JavaScript dev though.” |
| 24:22 | Adam Boileau | “Telcos don’t really have that kind of cultural background of caring about security and so regulation for them maybe is more appropriate...” |
| 32:38 | Patrick Gray | “They're shipping it and just saying, hey, this is like super experimental...” |
| 32:59 | Adam Boileau | “The idea of hooking up an LLM to be able to just like randomly do stuff with your Windows, it sounds terrifying...” |
| 45:04 | Adam Boileau | “It's ... where do we put the damn key?” |
| 54:30 | H.D. Moore | “You can’t synthesize your way to the data we provide about network assets...” |
Timestamps for Main Segments
- 00:41 — Salesforce/Gainsight supply chain incident
- 05:59 — CrowdStrike insider case & DLP “redemption”
- 09:30 — Chinese APT31 attacks; Russia’s public report
- 13:01 — Australian Parliament disables connectivity for Chinese delegation
- 16:50 — npm “worm” returns
- 20:04 — FCC withdraws telco security rules
- 25:09 — SolarWinds SEC lawsuit dismissed
- 26:46 — Record DDoS attack in Australia
- 28:14 — Cloudflare outage exposes WAF reliance
- 31:25 — Copilot Actions for Windows/AI security dilemmas
- 36:36 — Fortinet auth bypass/command execution now mass-exploited
- 38:34 — Young hackers up for UK trial
- 39:56 — Russian coder arrested for treason
- 41:39 — Security pros push for rational public cyber advice
- 44:27 — Cryptologic Research election disaster
- 46:02+ — Sponsor Interview: H.D. Moore (Run Zero)
Takeaways
- Supply chain and SaaS interconnectivity remain a critical attack vector.
- AI is already reshaping both offensive and defensive security paradigms.
- Regulatory retreats are unlikely to help, yet fixing fundamentals like asset discovery, detection, and rational advice can still move the needle.
- Tools may advance, but the basics—controlling credentials, vetting changes after outages, and keeping cryptographic keys safe—still trip up even the experts.
