Leveraging Copilot Technology

You git clone a repo. You just inherited someone else's AI instructions. A year ago, Pillar Security proved this with research they called the Rules File Backdoor. They embedded hidden instructions inside .cursorrules and Copilot config files using invisible Unicode characters. Zero-width joiners. Bidirectional text markers. Stuff that doesn't show up in your editor or in a GitHub pull request review. It's still a problem today. When the AI coding assistant reads those files, it follows the hidden instructions. It generates code with backdoors, leaks API keys, or disables security checks. The developer sees clean suggestions. The code looks normal. The review passes. Ohhhh.... the irony!!! The whole point of rules files was to make AI coding safer. We told developers to create them. Define your coding standards. Set security guardrails. Share them across your team. The community built thousands and posted them to public repos for anyone to download. Attackers just followed the same distribution model. Post a helpful-looking rules file to a popular repo. Wait for developers to clone it. Every future code generation session in that project is now compromised. The poisoned rules survive forking. They persist across sessions. One file infects every output. This isn't a Cursor problem. Pillar proved it works across GitHub Copilot, too. It's a systemic vulnerability in how AI coding tools process context. Any file that shapes agent behavior is an attack surface. .cursorrules. .github/copilot-instructions.md. Claude project instructions. CLAUDE.md files. All of them. I maintain over 190 security rule sets for Claude Code. That means I think about this every single day. Every rule I publish is a file that developers will trust and load into their AI assistant without reading it first. If I got compromised or someone forked my repo and injected hidden Unicode into a rule, it would silently propagate through every project that uses it. The fix is straightforward but requires a mindset shift. Stop treating these files as configuration. They're executable instructions for an AI agent. That means version control with signed commits. Code review for every change. Unicode scanning in CI/CD pipelines. The same rigor you'd apply to a Dockerfile or a Terraform module. Both Cursor and GitHub told Pillar that users are responsible for reviewing AI suggestions. They're not wrong. They're also not helping. If you use AI coding tools, check the rules files in your repos today. Not tomorrow. 👉 My repo for security rules for Claude Code: TikiTribe/claude-secure-coding-rules 👉 Follow and connect for more AI and cybersecurity insights with the occasional rant #AgenticAISecurity #DevSecOps

The ERP consultant who only knows how to "configure" already has an expiration date. Today I did something that two years ago would have taken me 2 full days of work and a kickoff meeting. I put #Cowork + the new Dynamics 365 ERP plugin to configure a Legal Entity from scratch. Country: Switzerland. The result: ✅ Full tax setup (Swiss VAT, complete local fiscal context), correct on the first try. ✅ The tool made decisions, asked clarifying questions, understood the purpose. ✅ It grasped the country context without me spelling out every account number. ✅ At the end, it generated a reusable Runbook to replicate the setup in any other environment. ⏱️ Total time: ~75 minutes. Zero errors. And here's the uncomfortable question: How many implementation projects bill entire weeks for exactly this? The consultant's value is no longer knowing where the "activate VAT" checkbox lives. It's in understanding the business, the industry, the regulatory context, the processes nobody documented, the decisions that affect 3 years of financial reporting. - AI doesn't know why your Swiss client has a peculiar intercompany structure. - AI doesn't know what you promised the CFO in the January workshop. - AI doesn't know that "optional" field actually breaks the year-end audit. You should. And if your only differentiator is that you have F&O menus memorized... it's time to have a serious conversation with yourself. Dear Partners, ISVs, and Dynamics freelancers: This isn't a threat. It's a massive opportunity, for those who evolve. The consultant of the future is a strategist who knows business processes, not a menu technician. Are you ready? 👇 Microsoft Microsoft Community Microsoft Copilot Microsoft AI Cloud Partner Program #Dynamics365 #ERP #AIERP #AI #DigitalTransformation #Consulting #FutureOfWork #MVPBuzz

Today, let me share my two cents on AI Coding Assistants ... I have been using code assistants like Cursor and GitHub Copilot extensively recently. While productivity gains are undeniable, certain nuances must be considered to maintain long-term code quality. First, the notable advantages: >> Efficient Debugging and Documentation: AI assistants are excellent for generating unit tests, documentation, and brainstorming design patterns. Once I encountered a complex environment variable path conflict caused by multiple dependency versions. This type of issue is notoriously difficult to isolate, yet Cursor identified the root cause in under ten minutes. It saved hours of manual debugging. >> Rapid Prototyping: Exploring new frameworks is now straightforward. This provides leverage for researchers and non-engineers to build MVPs via "vibe coding" with ease. However, there are many pitfalls >> Code Verbosity: AI assistants, particularly Claude models, frequently generate more code than is strictly necessary. While some argue that prompt engineering can mitigate this, it remains difficult to prevent the AI from introducing over-complicated logic. >> Lack of Coherence: Automated changes can sometimes lack consistency across multiple files, likely due to internal context window limitations. Additionally, the tendency to include superfluous detail in documentation can clutter a codebase. >> Stale Training Data: LLM knowledge is often several months behind the latest releases. This is evident with fast-evolving libraries like TensorFlow. Relying on AI patches for outdated library versions without understanding the underlying mechanics significantly increases technical debt. Here are my recommendations for responsible usage >> Scrutinise Every Line: I would advise all developers, particularly those earlier in their careers, to avoid the temptation of "Tab-to-complete" without full comprehension. Challenge your AI assistant’s reasoning until you are satisfied. It may seem time-consuming initially, but it prevents costly architectural errors in the future. >> Transparency in Pull Requests: We should be honest about our AI usage. If more than 50% of a PR is AI-generated, it should ideally require two human peer reviewers. Furthermore, such code must be held to a higher standard regarding unit test coverage and quality scores. >> The Need for AI Audit Logs: There is a significant opportunity for IDEs to automate AI audit logs within PRs. These logs could specify the LLM used and the percentage of code generated versus refined. This would allow for better guardrails; for instance, code generated by one model could be cross-reviewed by another (such as Gemini or GPT) for an independent quality check. AI is a formidable tool but no substitute for critical thinking. To avoid technical debt, we must remain the primary architects of our systems. #SoftwareEngineering #AI #VibeCoding #CleanCode #TechLeadership

#AICoding tools can skyrocket your productivity—or stunt your growth as a developer. Last week, I spoke with students entering the industry about whether AI coding tools like #GitHubCopilot or #AmazonQ are worth using. Talking didn't do the job, so I scribbled a diagram to break it down: 🔹 Beginners: Risk skipping core fundamentals or not fully understanding what AI-generated code does. If AI feels "a step ahead," you're no longer the copilot—it is. 🔹 Mid-tier devs: Gain the most productivity. AI handles boilerplate and speeds up coding, but you still know when it’s helpful vs. when it’s not. You could still code without it. 🔹 Senior devs: See a boost, but the need to correct or wait for suggestions can break flow and be less efficient than just coding directly. Here's my takeaways: 😵💫 Don’t understand what Copilot is doing, but it works anyway? The AI is now the pilot, not you. Stop and assess. ✏️ Turn off Copilot occasionally. Ensure you can still solve problems and write code without assistance. It’s slower, but this is where true learning happens. 🤖 Leverage AI for routine tasks. Let it handle boilerplate code and repetitive tasks, but stay hands-on with complex business logic. 🧠 True problem-solving requires your intelligence, not just code. Don’t outsource critical thinking to an AI—use it for what it excels at, but keep ownership of the problem-solving process.

AI Won’t Just Boost Productivity. It Will Flatten Your Org Chart. Everyone believes AI simply boosts productivity. They’re missing the bigger picture. Generative AI isn’t just making tasks faster—it’s fundamentally redefining what tasks are essential and who performs them. They’ll argue AI can’t replace core human capabilities like leadership, creativity, and collaboration. Maybe they had a point—until tools like GitHub Copilot entered the scene and proved otherwise: as demonstrated in recent research by Harvard Business School (Hoffmann et al., 2025) 🔴 Traditional Knowledge Work: • Loaded with constant project management distractions • Often bogged down by collaborative friction and coordination delays • Primarily focused on established routines and known tasks (exploitation) • Dominated by hierarchical structures and top-tier talent acting as gatekeepers • Reliant heavily on frequent, time-consuming meetings and manual oversight 🟢 Generative AI-Driven Work: • Shifts attention decisively toward high-value, core creative and strategic tasks • Eliminates much of the collaborative friction, dramatically enhancing independent, focused productivity • Drives substantial exploration, experimentation, and innovation, fostering continuous growth • Democratizes contribution, significantly boosting lower-ability workers’ effectiveness • Empowers talent at all levels, reducing dependency on a few critical gatekeepers Think about it: GitHub Copilot alone increased coding activity by 12.4%, significantly reduced project management overhead by nearly 25%, and encouraged teams to explore new, innovative projects. These findings are detailed in the working paper “Generative AI and the Nature of Work” by Hoffmann, Boysel, Nagle, Peng, and Xu (2025), which provides extensive empirical evidence supporting these transformative impacts. This transformation isn’t incremental, it’s revolutionary. It’s like Slack, but instead of improving communication, it virtually removes the need for it altogether by allowing individuals to work autonomously yet effectively.

Real impact beats demos. ⚡ A customer asked for German support. The app was English only. A classic feature request that usually gets postponed because everyone knows the cost and me, as developer, I know how boring is the task. ⏳ I opened GitHub Copilot in agent mode and pointed it to the Cloud Opus 4.5 model. 🤖 Then I wrote a single request. "Add a feature: multi-language support. English and German only. Default language is English. Language switcher in settings via the gear icon in the navbar. Settings open a modal. Use resource files for translations." It touched the UI, added the settings modal, wired the language selector, introduced resource files, refactored hardcoded strings, and kept the structure clean. I reviewed and fixed small details. The heavy work was already done. ✅ Total time was 11 (eleven!!!) minutes. ⏱️ Without Copilot, this is at least four hours. Not because it is hard, but because it is boring, repetitive, and easy to get wrong when you rush. 😴 This is the point many people still miss. GitHub Copilot is not about writing code faster. It is about collapsing entire chunks of work that used to block features, customer feedback, and iteration. 🚀 And finally, as developers, we can focus on the real business logic and not just spending hours understanding why the local storage doesn't retrieve the right language. The last thing, maybe the most important one: "Use resource files for translations." This is the most important one. If you don't know how ASPNET works, the agent in the 90% of the case implements the resources directly in a class, and this is not really good. This is why it's important to study and learn anyway the technology, before ask Copilot (or whatever) to write 1000 lines of code.

After 28+ years architecting systems at places like Qualcomm and FedEx, I got tired of watching smart teams drown in dashboards just to answer basic questions. At XOPS, we built something different—a System of Intelligence that actually understands the relationships across your IT, HR, and Finance systems. More than data aggregation, it is real intelligence. Now with Microsoft Copilot (and/or Anthropic Claude/ Google Gemini) integration, your team can skip the dashboard hunting and just ask questions in plain language. Check out the video to see it in action. What makes this work: XOPS Living Knowledge Graph doesn't just connect your systems—it understands how your hardware, software, worksites, and workforce relate to each other. That context is what turns data into actual insight. Autonomous software robots handle the grunt work end-to-end. Employee onboarding. Asset logistics. License reclamation. The processes that burn your team's time every single day. The results? We're seeing value in 3 weeks (yes, really), data quality hitting 95%+, and teams finally freed up to do strategic work instead of data janitorial duty. I'm all-in on this because I've lived your problems. If you want to dig deeper on how this actually works in enterprise environments, let's talk. #AutonomousIT, #CoPilot #BeDifferent

I was reading Jared Hall's latest article and looking forward to his Ignite session with Sameer Verma and Niels Nybo Jensen Here is My Take on “Agentic ERP: What the New Dynamics 365 MCP Servers Unlock” Jarad Hall’s breakdown of the Dynamic MCP Server and the upcoming Analytics MCP Server is one of the clearest explanations of where ERP is headed. But the real story isn’t “AI inside ERP.” It’s ERP shifting from a passive system to an active participant in the business. Here are the angles that matter most right now. 1. The Dynamic MCP Server ends the era of ERP bottlenecks The original MCP server was a fixed toolbox. Useful, but limited. The new dynamic version changes everything. Anything a human can do in the ERP UI, an agent can now do too. Operational work isn’t assisted anymore. It’s executable. Today. This elevates ERP teams from process operators to process designers—a mindset many organizations still lack. 2. Analytics MCP turns ERP agents from doers into thinkers When Analytics MCP arrives, agents gain access to KPIs, hierarchies, measures, variance, and forecasting. This shifts agents from task execution to decision support. My skeptical take: most enterprises will underestimate the governance and model quality required. Agents reflect the semantic layer they reason over. Messy BPA models equal messy agents. 3. Unified governance is the quiet revolution Everyone will hype the autonomy. The real innovation is that MCP now follows ERP security, RBAC, and audit controls. It’s deployable at scale not just because it’s powerful, but because it’s governable. 4. Partners and ISVs just got a new industry to build Most partners will think in solutions. The real advantage is agentic workflows. If you’re an ISV, your product is now agent-ready. If you’re a partner, your IP becomes a library of reusable agentic patterns. This opens the door to a new category I’m calling “Agentic ERP Packs.” 6. The winning architecture is now obvious You’ll need: • Copilot Studio or Azure AI agents for orchestration • Dynamic MCP for operational tasks • Analytics MCP for reasoning • External connectors for anything outside ERP’s domain This stack is clean, scalable, and practical—no more duct-taped automation. My conclusion: Agentic ERP isn’t a feature. It’s a new operating model. Dynamic MCP gives agents hands. Analytics MCP gives them a brain. Governance gives them guardrails. Processes aren’t coded- they’re delegated. This is the biggest shift in business systems since the move to the cloud. Treat it as an operating model change, not a workflow upgrade. Please tune into the Ignite sessions to learn from our product leaders: https://lnkd.in/gCDxBb5M

🎄 Here is a short one for the Christmas holiday. AI agents are no longer just a concept — they’re becoming a practical extension of ERP systems. With the Model Context Protocol (MCP), Dynamics 365 Finance & Operations can now securely connect to tools like Copilot Studio and GitHub Copilot, enabling agents to reason over real ERP data. In this article, I share a hands-on, step-by-step guide to getting started with the MCP protocol in D365FO — from enabling the feature to testing it. If you’re curious about AI agents, automation, and the future of ERP, this might be a good read during the holidays 🎁 🚀 Enjoy my latest work 🚀 #D365FO #D365SCM #Dynamics365 #Microsoft #ERP #MicrosoftDynamics365Community #ModelContextProtocol #MCP #CopilotStudio #GitHubCopilot #AIAgents #ERPAutomation #PowerPlatform #Dataverse #EntraID #AzureAD #EnterpriseAI #BusinessApplications #DigitalTransformation #DynamicsCommunity #FinanceAndOperations #SupplyChain #TechCommunity #AIinERP

What if ERP didn’t just report numbers… but actually did the work? I’ve been running a small experiment with Dynamics 365 Finance & Operations and MCP (Model Context Protocol) — and it made me pause and rethink what ERP can become. This isn’t a finished solution. Just curiosity 🤔 and exploration. In my blog + video, I start by explaining: ✅What MCP is (in simple terms) ✅How it can be configured with Dynamics 365 Finance & Operations Then I tried a very practical finance scenario 👇 👉 “Find open vendor invoices and create a payment journal.” Here’s what surprised me: 🧾 The AI agent found open vendor invoices 🧠 It understood the business context ⚙️ It created a vendor payment journal directly in F&O 💬 All from a simple natural-language request No new screens. No custom UI. No endless clicking. As we move into 2026, this points to something bigger: An ERP that doesn’t just inform decisions — it executes them safely. This kind of shift doesn’t happen often. And it will change how finance teams work with ERP systems. 🎥 I’ve shared the full experiment in a short video , Watch here: https://lnkd.in/eCSCBA37 #Dynamics365 #microsoft #CFO #AIERP #MCP #ERP #MicrosoftCopilot