Episode Details

Three stories this week draw a direct line from platform controls to data blind spots to a courtroom in Manhattan — and the thread connecting them is the governance gap.

Stories Covered:

1. Microsoft Copilot February 2026 Governance Update

1. Project Manager Agent — public preview March, GA April. Not a copilot. An agent with a named role.
2. Multi-agent workflows — agents calling other agents, with visible handoffs
3. Risk-based AI agent inventory in Microsoft Defender — every agent in a single pane with posture assessments
4. Third-party connectors in public preview — governed access to Canva, HubSpot, Notion, Linear
5. License requests now require business justification
6. New centralized readiness dashboard in the admin center

2. Thales / S&P Global 2026 Data Threat Report

1. Only 34% of organizations know where all their data resides
2. 47% of sensitive cloud data is unencrypted
3. 61% cite AI as their top data security risk
4. Nearly 60% have experienced deepfake-driven incidents
5. Only 30% have a dedicated AI security budget
6. Only 39% can fully classify their data

3. US v. Heppner — Claude Conversations Ruled Not Privileged (SDNY)

1. Judge Jed Rakoff ruled that conversations with Anthropic's Claude are not protected by attorney-client privilege
2. Consumer AI terms of service do not create confidentiality expectations
3. Feeding attorney advice into consumer AI may waive privilege over the original legal advice
4. Enterprise AI subscriptions with contractual confidentiality provisions are the minimum standard
5. Litigators will now routinely request AI prompts and outputs in discovery

Key Takeaway: AI governance is not a compliance checkbox — it's an operating discipline that touches procurement, security, legal, and data architecture simultaneously.

Hosted by Stephen Forte