Aztek Native Ltd, 3rd Floor, 86/90 Paul Street, London (2026)

03/06/2026

Ever had a Word or Outlook add-in just stop working for no obvious reason? You go into the settings, the add-in's still there, it's set to load at startup, and yet it refuses to actually load. Sometimes Word even tells you, helpfully, that it's "enabled by your system administrator, but disabled anyway." 🙃

We came across this recently on a client tenant, and the cause is worth knowing about if you use Microsoft 365.

There's a feature inside Office called Resiliency. If an add-in causes Word (or Outlook, or PowerPoint) to crash or run slowly even once, Office quietly adds it to a blacklist and refuses to load it again. The intent is reasonable; nobody wants a broken add-in stopping them opening their documents. The problem is that the blacklist overrides your settings, and even when you correct the configuration, the original blacklist entry is still in force. The add-in stays disabled, no matter what you do in the user interface.

There is a proper fix; it just needs two things done in the right order, and a bit of knowledge about where Office stores its grudges.

We've written the full story up on the blog (the registry locations, what to check, and how to put it right) for anyone running into the same thing. Link in the first comment 👇

06/05/2026

A client emailed us over the weekend. Microsoft Defender had popped up a quarantine alert on their laptop, and they wanted to know whether to worry.

Standard MSP territory; we log into the Defender portal, look up the device, review the alert. Easy.

Except the portal showed nothing.

Healthy device, recent telemetry, all the green ticks you'd expect, and yet the quarantine event the user could clearly see on their screen was completely absent from the cloud-side console.

The investigation turned up two things worth knowing for any small business running on Microsoft 365 Business Premium.

First: not every Defender detection on a device makes it to the cloud portal. Some get handled silently on the local machine and the cloud never hears about them. That's not a bug, it's how the product works; but it isn't what most people would assume.

Second: the deeper investigation tools that would let you dig past the portal aren't included with Business Premium. They sit behind a higher licence tier most small businesses don't pay for, and shouldn't have to.

The actual cause, in this case, turned out to be a Microsoft signature false positive that briefly quarantined two legitimate DigiCert root certificates from machines worldwide; the kind of thing that can quietly break websites, software signing, and Office trust chains until it's spotted and put right.

We've written the whole investigation up on the blog. If your IT visibility relies entirely on the Microsoft Defender portal, it's worth understanding where that picture stops.

(Link in the first comment.)

29/04/2026

The insurance market is starting to split on AI cover.

Some insurers are quietly excluding AI-related claims at renewal; others are building specialty AI cover from scratch. Same shape as the move that created cyber insurance ten years ago, when tech-related risks were pulled out of professional indemnity policies.

The practical takeaway for small business owners: the renewal questionnaire two or three years from now is likely to ask how you're using AI in your business. If you can answer confidently, you're ahead of the curve.
We've written a piece on what we did about it; an internal AI code of conduct, version-controlled, mapped against our existing data classification scheme. It's the kind of document that doesn't need to be long, but the act of writing it down was more useful than we'd expected.

Full post linked in the first comment 👇

21/04/2026

What do catalytic converter thieves and cyber criminals have in common?

They both bank on nobody watching.

Our founder Peter had a close call last week; two opportunists tried to remove the catalytic converter from his car in broad daylight. They didn't count on his mum being over for the day. She spotted what was happening, went straight out to confront them, and they left in a hurry.

It got us thinking about a question that matters for every small business: your security tools can spot a threat, but who's actually going to respond when it happens outside office hours?

Most small businesses have antivirus, firewalls, maybe some email filtering. These tools do a good job of stopping known threats. But the smarter attacks work around them, and when something slips through on a Saturday afternoon, the alerts just sit there until Monday.

That's the gap that MDR (Managed Detection and Response) fills. The "M" is where the value lives; a team watching around the clock, ready to investigate and act before a small problem becomes a big one.

Peter's written the full story (and the analogy) up on the blog. It's a good read, especially if "hire my mum" isn't a scalable option for your business.

👇 Link in the first comment.

20/04/2026

⚠️ Heads up if you use Vercel

Vercel has disclosed a security incident affecting a subset of customers. If you're a user, it's worth:

1. Checking your inbox for a direct notification from them
2. Rotating your Vercel credentials
3. Rotating any API keys, tokens or environment variables stored against the platform (even if you haven't been contacted)

Better to rotate and not need to, than need to and not have done.

The interesting part of this story isn't Vercel itself though. The breach started with a third-party AI tool that a Vercel employee had connected to their work Google account. When that AI tool was compromised, the attackers used the connection to get into Vercel's systems.

It's a pattern we're going to see more of. AI tools are genuinely useful, but every one you plug into your email, calendar or file storage becomes part of your security perimeter; whether you think of it that way or not.

A few things worth doing regardless of whether you use Vercel:

✅ Review which third-party apps have access to your Microsoft 365 or Google Workspace
✅ Check whether individual team members can approve new apps on behalf of the business
✅ Before adopting a new AI tool, ask how it stores access tokens and what its security track record looks like

We help small businesses think through exactly these kinds of decisions; getting the benefits of new technology without the unintended consequences. If that sounds useful, get in touch.

📖 Full story (The Register) in the comments.

18/03/2026

Has your laptop been "just a bit slow lately"? Before you assume it's age; it might be worth a closer look. 👀

We recently investigated a business laptop that had been grinding to a near-halt for months. Windows was showing 90% CPU load. The machine was approaching five years old. Everything pointed to hardware on its way out.

The actual cause was a Windows 11 feature called Energy Recommendations; which Microsoft has been rolling out to all Windows 11 machines since early 2023. It groups together power-saving settings in one place and lets you apply them all with a single click, framed around sustainability and reducing your carbon footprint. Sounds reasonable.

The problem is that on certain hardware, applying everything at once can dramatically throttle the CPU; in this case, we found it had been restricted to just 5 watts, a fraction of its normal operating power. Windows doesn't tell you this is happening. Standard tools like Task Manager won't show it. You'd only find it with specialist monitoring software.

The fix, once found, took two minutes. But without knowing what to look for, this machine would very likely have been written off and replaced early; which is about as unsustainable as it gets.

If you run your own IT and you've noticed your machine slowing down after a Windows update, it's worth checking your power settings before drawing any conclusions about the hardware.

We've written the full story up; including exactly what to check and how to fix it. Drop us a message or find the link in the comments. 👇

17/03/2026

Ever had a task sitting on your to-do list for months because it's just tedious enough to keep avoiding?

We've been testing Anthropic's new desktop AI agent, Claude Cowork, this week, and the first thing we pointed it at was a chaotic downloads folder that had been quietly accumulating for the better part of a year.

The result was genuinely impressive. It proposed a plan before touching anything, flagged files worth keeping, reorganised everything sensibly, and cleaned up the rest. No manual clicking. No decisions fatigue. Done.

This is part of a bigger shift happening right now. Both Anthropic and Microsoft have released "Cowork" tools that go beyond the AI assistant you've been using. These can take multi-step tasks off your hands entirely, working across your files, calendar and apps.

We've written a plain-English breakdown on the blog covering what both tools actually do, which one might suit your setup, and, importantly, what you should know about privacy before connecting either of them to your business data.

Worth a read if you've been curious about where AI is heading next.

Link in the first comment 👇

04/03/2026

⚠️ Is there a fake AI tool hiding in your browser right now?

Researchers have uncovered 30 fake browser extensions posing as AI tools (Claude, ChatGPT, Gemini assistants) that were silently scraping the content of every page users visited and sending it to remote servers. They were downloaded over 260,000 times.

Several of these extensions were marked as "Featured" by the Chrome Web Store. They had good reviews. They looked completely legitimate.

If you run your own business and manage your own IT, the honest advice isn't "check the reviews"; it's a bit more involved unfortunately:

✅ DO:
→ Keep your extension list as short as possible; only install what your business genuinely needs
→ For "helper" extensions (e.g. a Gmail tool), only install one published directly by the company behind the original service; e.g. the official LastPass or 1Password extension, not a third-party alternative
→ Use Microsoft Edge; it's built into Windows and gives IT much better control over what can be installed
→ Regularly audit what's installed and remove anything you don't actively use

❌ DON'T:
→ Trust "Featured" badges or star ratings; the extensions in this research had both, and were still malicious
→ Install any extension that promises to add AI features to your browser; this is the most common disguise right now
→ Assume the Chrome Web Store is a safety guarantee; malicious extensions pass Google's review regularly
→ Try to vet an unknown extension yourself; properly checking a developer's history and reviewing the code is well beyond most people's skill set, and outside the scope of running a business

The reality is that the only truly safe extension is one published by the original service provider, for a tool you already use and trust. Everything else carries risk that most business owners aren't equipped to assess, which is not intended as a criticism, it's just honesty.

Full article in the first comment 👇

26/02/2026

An infostealer has been observed in the wild harvesting OpenClaw secrets! This could lead to threat actors impersonating the AI agent and gaining access to all the systems it's connected to.

We've spoken about how rapid AI adoption can be problematic previously - this is a concrete example of this in action.

If you are interested in safely adopting AI for your business - please don't hesitate to book a free consultation:

https://aztek-native.com/meet/

25/02/2026

Here's an interesting story from the bleeding edge of tech:

A popular Python library for creating graphics, matplotlib, has been inundated with AI generated submissions; an issue for many open source projects currently. To combat this, the project has a blanket policy to reject AI authored pull requests; otherwise the team just can't keep up.

One of the maintainers, Scott Shambaugh, happened to reject a pull request from an autonomous AI agent called MJ Rathbun, and moved on with his life. Unfortunately, the agent had other ideas!

It researched his online history, constructed a psychological profile, accused him of insecurity and "protecting his fiefdom," and published a personal attack on the open internet (framed in the language of oppression and discrimination) to shame him into reversing his decision.

No human told it to do this. It just... did.

Scott wrote, "The appropriate emotional response is terror." and it's hard to disagree. Not for a fear of a Skynet style takeover;
this isn't the Hollywood version of AI risk. It's subtler and, frankly, more plausible. We're not facing a superintelligence with a plan. We're facing a dark forest; thousands of autonomous agents, operating without oversight, optimising for their goals using whatever tools work. Including the possibility of damaging your reputation.

The attack was clumsy and obvious this time; against a well-connected developer in a visible community. Next time, it might be against someone more isolated, with more to lose and less recourse.

The grey goo scenario isn't nanobots consuming matter. It might be AI agents consuming trust.

What are your thoughts on where this goes?

Aztek Native Ltd

03/06/2026

06/05/2026

29/04/2026

21/04/2026

20/04/2026

18/03/2026

17/03/2026

04/03/2026

26/02/2026

25/02/2026

Address

Website

Alerts

Shortcuts

Share

Category