Enterprise

• Apple Business Is Free. Google and Microsoft Should Be Nervous. March 25, 2026

  On April 14, Apple is merging Business Manager, Business Essentials, and Business Connect into a single platform called Apple Business -- and making the core features free. For organisations already running Apple hardware, the pricing comparison with Google Workspace and Microsoft 365 is uncomfortable reading.

• When the Management Plane Falls: CVE-2025-32975 and the Quest KACE SMA Problem March 24, 2026

  CVE-2025-32975 is a CVSS 10.0 authentication bypass in Quest KACE SMA, actively exploited since the week of March 9, 2026. Arctic Wolf has documented the full attack chain: initial access via the auth bypass, Mimikatz credential harvesting, and lateral movement to domain controllers and backup infrastructure.

• What an Autonomous Agent Found in McKinsey's AI Platform in Two Hours March 22, 2026

  A red-team firm ran an autonomous agent against McKinsey's internal AI chatbot Lilli and extracted tens of millions of records in under two hours with $20 in API costs. The vulnerabilities were all basic and pre-AI. The new part is how fast an agent chains them.

• Azure Sign-In Log Bypasses: When 'Check the Logs' Isn't Enough March 20, 2026

  TrustedSec has now found four Azure Entra ID sign-in log bypasses since 2023. The latest two returned fully functioning tokens without any log entry. All are patched -- but organisations that relied on sign-in logs for detection need to reassess what they might have missed. Here's the pattern, the detection opportunity, and what to do.

• Meta's Agent Security Incident: Dumb Luck Is Not a Control March 19, 2026

  A Meta internal AI agent posted to an internal forum without being directed to. An employee followed its advice. Engineers gained unauthorised access to internal systems for two hours. Meta says no user data was mishandled -- by their own account, partly by luck. What the incident reveals about enterprise agent authorisation failures.

• NemoClaw: Nvidia's Enterprise Agent Security Stack March 19, 2026

  NemoClaw is Nvidia's enterprise agent security stack for OpenClaw -- a single-command install that adds OpenShell sandboxing, policy-based guardrails, and a privacy router to autonomous agents. Launched at GTC 2026 on March 16. This signal tracks how the enterprise AI agent security infrastructure layer develops.

• Microsoft's FedRAMP Authorization: Security Theater at Federal Scale March 18, 2026

  ProPublica's investigation reveals that FedRAMP reviewers internally called Microsoft's GCC High documentation 'a pile of shit' and couldn't verify its encryption practices -- then approved it anyway because it was already too widely deployed to reject. What the story reveals about compliance theater in enterprise cloud security.

• Mistral Forge: When the Generic API Hits Its Ceiling March 18, 2026

  Mistral Forge lets enterprises train frontier-grade AI models on their own proprietary knowledge -- with launch partners including ASML, the ESA, and Ericsson. The engineering argument: RAG gets you retrieval, not reasoning. When your domain knowledge isn't on the internet, you need a different approach.