Source: www.microsoft.com (captured 3/31/2026, 4:54:30 PM)

Applying security fundamentals to AI: Practical advice for CISOs


AI isn’t magic, and organisations should treat it as a very new, very junior person: smart and helpful, but prone to misinterpretation if instructions aren’t clear. The guidance emphasises giving AI clear, specific goals and ensuring it’s supervised so it stops and checks with humans before taking consequential steps.

The piece stresses that AI is software: it runs with an identity and permissions, so its access should be controlled by deterministic, non-AI mechanisms, following a principle of “least agency” that limits the capabilities, APIs, and UIs it can use. It highlights risks such as indirect prompt injection attacks (XPIA) and the need to test inputs thoroughly, alongside the importance of data hygiene and robust identity management.
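The “least agency” gate and the stop-and-check-with-humans supervision described above, shown as an added illustration that is not code from the Microsoft article or from CyberSIXT; the agent identities, tool names and the approval flag are hypothetical:

```python
# Added example (not from the Microsoft article): a deterministic, non-AI gate
# between an AI agent and its tools. The model proposes a call; this code decides
# using only the agent's identity, a static allowlist ("least agency") and a
# human approval step for consequential actions. Names/tools are hypothetical.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Tool:
    name: str
    consequential: bool            # True => a human must confirm before it runs
    run: Callable[[dict], str]
@dataclass
class Decision:
    status: str                    # "executed" | "denied" | "pending_approval"
    reason: str
    output: Optional[str] = None

class AgentGate:
    def __init__(self, tools: dict, allowlist: dict):
        self.tools = tools             # name -> Tool
        self.allowlist = allowlist     # agent identity -> set of tool names it may use
        self.audit = []                # (agent_id, tool, status) for every decision

    def call(self, agent_id: str, tool_name: str, args: dict,
             human_approved: bool = False) -> Decision:
        # 1. Identity + least-agency check; nothing the model says can widen this.
        if tool_name not in self.allowlist.get(agent_id, set()):
            return self._record(agent_id, tool_name, Decision("denied", "tool not in allowlist"))
        tool = self.tools[tool_name]
        # 2. Consequential actions stop and wait for an explicit human decision.
        if tool.consequential and not human_approved:
            return self._record(agent_id, tool_name, Decision("pending_approval", "human confirmation required"))
        # 3. Only now does the action actually run.
        return self._record(agent_id, tool_name, Decision("executed", "policy satisfied", tool.run(args)))

    def _record(self, agent_id: str, tool_name: str, d: Decision) -> Decision:
        self.audit.append((agent_id, tool_name, d.status))
        return d

# Constructed sample: one read-only tool, one consequential tool, two agent identities.
TOOLS = {"read_ticket": Tool("read_ticket", False, lambda a: f"ticket {a['id']}: open"),
         "send_email": Tool("send_email", True, lambda a: f"sent to {a['to']}")}
ALLOW = {"support-bot": {"read_ticket", "send_email"}, "triage-bot": {"read_ticket"}}
def demo() -> list:
    gate = AgentGate(TOOLS, ALLOW)
    return [gate.call("triage-bot", "read_ticket", {"id": 42}),
            gate.call("triage-bot", "send_email", {"to": "a@example.com"}),   # identity lacks the tool
            gate.call("support-bot", "send_email", {"to": "a@example.com"}),  # allowed but needs approval
            gate.call("support-bot", "send_email", {"to": "a@example.com"}, human_approved=True)]
```

The point is that the decision logic never consults the model: the allowlist and the approval requirement are fixed by the deployer, and the audit list gives the human reviewer a record of every attempt, including the denied and pending ones.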

Core security practices include knowing where data lives, addressing overprovisioning, applying Zero Trust principles, and adopting Security Baseline Mode to restrict legacy formats and protocols. It also notes that Microsoft secures AI models hosted in Azure and that customers should vet AI models from reputable sources, with examples like Foundry and isolated runtimes.


Article by CyberSIXT