← All posts
·2 min read·By Phillip

AI Agents Are Now in Your Business — Here's the Security Homework

Copilots, ChatGPT connectors, and autonomous agents are showing up in SMB tenants whether you approved them or not. Practical governance for St. Louis businesses.

CybersecurityAIMicrosoft 365

In the last twelve months, "AI at work" stopped being a strategic conversation and became a compliance one. Microsoft 365 Copilot is on by default in many licensing plans. ChatGPT has native connectors into Google Drive, SharePoint, and GitHub. Every SaaS vendor is shipping an agent that wants read access to your data. And your employees are already using them — whether IT signed off or not.

Here's the security homework we're helping Saint Louis SMBs work through.

Know what's actually in your tenant

Start with an audit. In Entra ID, look at enterprise applications and OAuth consent grants — every app with Files.Read or Mail.Read on your tenant. In Microsoft 365, review Copilot activity in Purview. In Google Workspace, check the third-party apps report. You will find things you didn't approve. That's normal — that's the point of doing this.

Set a consent policy before you clean up

If you delete a hundred OAuth grants without a policy in place, users will just re-add them on Monday. Configure admin consent workflows so risky permissions require IT approval. Publish a short "AI tools we support" list — usually Copilot, one approved chat model, and one approved coding assistant — and make the approval path for adding anything else obvious and fast.

Data before permissions

Copilot doesn't leak data. It surfaces data users already had access to — sometimes data they shouldn't have had access to. Classic problem: a shared "Company" SharePoint site with everyone granted read access, containing HR files that were never meant to be broadly readable. Fix the underlying permissions before you turn Copilot on tenant-wide.

  • Run a sensitivity label audit
  • Turn on Purview DLP for HR, financial, and PII data
  • Review "Everyone except external users" sharing across SharePoint
  • Kill orphaned Teams sites nobody owns anymore

Agents that take actions, not just answer questions

The bigger risk in 2026 is agentic AI — tools that don't just read your data but do things. Approve invoices. Send emails. Create calendar events. Modify records in your CRM. Every one of those actions needs to be scoped to least privilege, logged, and reviewed. Treat an AI agent's identity like a service account with elevated blast radius, because that's what it is.

Awareness training that actually mentions AI

Most training decks still don't mention prompt injection, hallucinated URLs, or "the copilot said it was fine to click." Update yours, or ask your MSP to. If it hasn't been refreshed in the last six months, it's outdated.

Where to start this month

  • Audit OAuth grants in Entra and Google Workspace
  • Set admin consent workflow for risky scopes
  • Do a SharePoint permissions cleanup before broadening Copilot access
  • Publish an approved-AI-tools list to staff
  • Refresh phishing training with AI-era examples

Need a second opinion on your AI governance posture? Book a free consultation and we'll walk it with you.