HalcyonFT Quarterly Newsletter - Q1 2026 - Updates and Recommendations
As Q1 wraps up, the year is off to an exciting start. Maybe too exciting.
Cybersecurity Risk Across Portfolio Companies
Cybersecurity remains a top concern across private equity portfolios. A cyber incident at any single portfolio company can impair operations, trigger regulatory and contractual obligations, damage fund reputation, and directly affect returns. The risk compounds when portfolio companies share vendors, infrastructure patterns, or weak governance practices that create correlated exposure across the fund.
In response, many firms are moving toward more consistent cybersecurity governance across their portfolios. The objective is not uniformity but greater visibility into how risk is identified, managed, and escalated at each company. Common priorities include establishing baseline security expectations calibrated to each company's size, sector, and risk profile; improving governance and visibility into third-party and supply chain risk; and defining clear processes for incident escalation, response, and communication between portfolio company leadership and the fund.
We strongly recommend conducting a comprehensive cybersecurity review within the first 100 days of any acquisition. Publicly announced transactions elevate a portfolio company's profile as a target: threat actors monitor deal activity and exploit the operational disruption, system migrations, and personnel transitions that follow a close. A structured review during this window identifies material exposure early and produces a prioritized remediation roadmap before that elevated risk translates into an incident.
HalcyonFT's cybersecurity team partners with private equity firms and portfolio company leadership to deliver structured assessments and prioritized remediation plans that strengthen governance and build resilience without disrupting operations.
AI Reshapes Cyber Risk – Global Cybersecurity Outlook 2026
Artificial intelligence is rapidly reshaping the cybersecurity landscape and emerging as a central driver of risk. The World Economic Forum’s Global Cybersecurity Outlook 2026 found that:
87% of respondents reported an increase in AI-related vulnerabilities over the past year
77% reported an increase in phishing and cyber-enabled fraud over the past year
Nearly 75% said they or a peer organization had been affected directly
Almost all expect AI to play a defining role in cybersecurity in 2026
A firm's use of AI expands the traditional exposure window. Malicious prompt injections, for example, exploit how large language models fundamentally process input and therefore cannot be fully eliminated through conventional software patching. An attacker can embed these injections in emails, documents, calendar items, or web content, manipulating any AI agent that ingests them. The permissions granted to AI agents must therefore be configured carefully and conservatively.
Fraud-driven attacks have overtaken ransomware as the most pressing digital risk, directly affecting financial institutions and eroding trust in digital systems. Phishing (email), vishing (voice), and smishing (SMS) remain the leading attack vectors. Other common threats include invoice and payment fraud tied to compromised business email, identity-related attacks, and insider or impersonation-based fraud.
Cyber risk is no longer solely a technical issue, but a broader strategic business challenge requiring coordinated action. Managing cyber risk requires strong platform guardrails, identity and access controls, data protection, continuous monitoring, and governance models that, by default, treat every interaction as untrusted. Companies must focus on layered controls that combine identity protection, transaction validation, user awareness, and continuous monitoring.
We encourage all clients to report suspicious activities to our team for triage and response assistance.
AI Agents and Automation in Family Offices and Investment Firms
HalcyonFT is helping clients move beyond simple automation toward secure, agent-driven workflows that operate across departments and systems. We design and implement these automations to reduce manual effort, improve data consistency, and shorten critical business cycles, all within a governance framework appropriate for regulated environments. Two recent engagements illustrate the approach:
We implemented an agent-driven workflow to automate executive market intelligence and daily briefings for investment and leadership teams. The solution orchestrates AI agents to ingest content across multiple news sources, synthesize and contextualize insights by sector and portfolio relevance, and generate executive-ready daily briefings. What was previously a manual, time-consuming process is now delivered automatically each morning with consistent structure and clear designation.
We automated a client's vendor onboarding process by orchestrating workflows across finance, compliance, and IT. AI agents collect required documentation, validate submissions against internal policies, trigger the appropriate approval chains, and provision system access once all controls are satisfied. The result is faster onboarding with a complete audit trail at every step.
As these capabilities mature, the operational upside is significant, but so are the governance requirements. AI agents acting across systems need clearly defined access boundaries, logging and auditability at each decision point, human review gates for high-risk actions, and periodic recertification of agent permissions, just as you would expect for any employee with cross-system access. HalcyonFT builds these controls into every agent-driven workflow from the outset, not as an afterthought.
New Microsoft Products: Agent 365 and M365 E7 and a Planned Microsoft Price Increase
Microsoft's introduction of Agent 365, reaching general availability on May 1, 2026, signals a meaningful shift in how enterprises will govern AI-driven automation. Agent 365 is a control plane, not an agent builder. It provides each AI agent with its own Microsoft Entra Agent ID for identity, lifecycle, and access management, extending Defender, Purview, and Entra governance to cover agent activity alongside human users.
Licensing structure. Agent 365 is available as a standalone add-on at $15 per user per month. At General Availability, the license covers the human user, and all agents acting on behalf of that licensed user are included. Agent 365 is also bundled into the new Microsoft 365 E7 "Frontier Suite" at $99 per user per month, which combines M365 E5, Microsoft 365 Copilot, the Entra Suite, and Agent 365. Building and running agents requires separate tools (Copilot Studio, Microsoft Foundry), with execution costs billed on a consumption basis through Azure.
Why this matters. As AI agents proliferate across financial services workflows, they create a new category of identity, access, and compliance risk. Agent 365 addresses this by bringing agents under the same governance framework as human users. However, the commercial model is still evolving: autonomous agents operating independently (rather than on behalf of a specific user) remain in preview, with no published GA pricing. Firms should expect this model to continue shifting.
Separate from the new product announcements, Microsoft is raising prices across its entire M365 portfolio effective July 1, 2026, with increases ranging from 5% to 33% depending on SKU. Firms on month-to-month or short-term agreements should evaluate whether locking in current rates through longer commitments makes sense before that date.
HalcyonFT is actively tracking these developments and guiding clients through both the governance and cost implications of agent adoption. We recommend a licensing review before July 1 to assess exposure to the upcoming price changes and evaluate whether E7 or standalone Agent 365 licensing aligns with your firm's AI roadmap.
Claude for Financial Services
Anthropic's Claude is available in three product modes: Chat for conversational tasks like drafting and research, Cowork for agentic multi-step workflows with local file access and external connectors, and Code for developer-focused engineering work.
Claude's financial services plugins turn Cowork into a specialist. Five purpose-built plugins cover financial analysis, investment banking, equity research, private equity, and wealth management. The financial analysis plugin serves as the core, providing shared modeling tools and connectors to institutional data sources including FactSet, Morningstar, S&P Global, PitchBook, Moody's, LSEG, Aiera, Daloopa, and Chronograph, alongside workplace connectors for Microsoft 365, Slack, Gmail, and Google Calendar. The plugins enable tasks like parsing earnings transcripts, reviewing transaction documents, modeling scenarios, drafting IC memos, and generating rebalancing recommendations. Because the plugins are open source and file-based (Markdown and JSON, no code or infrastructure), firms can customize them to match their own processes, templates, and terminology.
Risk considerations. Cowork and Code are powerful precisely because they can act: reading files, executing workflows, connecting to external data sources, and producing deliverables with minimal human intervention. That autonomy introduces risk. Cowork processes documents, emails, and data feeds that may contain malicious prompt injections, as discussed above, and an overprivileged agent can act on those instructions across every system its connectors reach. Code operates directly in development environments with the ability to read, write, and execute. For regulated firms, the primary concerns are data leakage through misconfigured connectors, unauthorized actions taken without adequate human review, and audit trail gaps where AI-driven decisions lack the documentation that compliance and regulators expect. Best practices include applying least-privilege access to every connector and integration, restricting Cowork and Code to Premium or Enterprise seats where administrative controls and audit logging are available, requiring human review of all AI-generated outputs before they enter client deliverables or regulatory filings, establishing a clear internal policy defining which workflows are approved for agentic use and which remain human-only, and conducting periodic access reviews of active plugins and connectors to prevent scope creep. HalcyonFT recommends treating AI agent permissions with the same rigor firms apply to employee system access: named identities, scoped entitlements, logged activity, and regular recertification.
Licensing operates on three tiers:
The Team plan ($20 per seat per month, billed annually) includes SSO, domain capture, admin controls, and workplace connectors. Standard Team seats cover Chat.
Premium seats ($100 per seat per month, billed annually) add Cowork and Claude Code.
The Enterprise plan (custom pricing, 50-seat minimum, annual commitment) adds audit logging, a compliance API, SCIM, role-based access controls, an expanded 500K-token context window, and a dedicated account manager. Enterprise seats are priced as a platform fee plus usage billed at standard API rates based on actual consumption, a model CFOs should factor into budget forecasting.
For most of our clients, the right entry point depends on how they intend to use Claude. Firms that primarily need conversational AI for drafting, research, and ad hoc analysis can start with Team standard seats. Firms that want the financial services plugins and agentic workflows will need Team Premium or Enterprise seats. HalcyonFT can help determine the optimal configuration, licensing mix, and data governance posture for your firm.
SOC 2 Type II Compliance Recertification
HalcyonFT has completed our annual SOC 2 Type II recertification with zero exceptions. The audit, conducted by an independent third-party assessor, evaluates the design and operating effectiveness of our controls across security, availability, and confidentiality over a sustained observation period. Zero exceptions means every control tested performed as designed throughout the audit window, with no deficiencies identified.
For our clients, this recertification directly supports your own vendor oversight and regulatory obligations. SEC-registered advisers, broker-dealers, and fund managers are expected to conduct due diligence on third-party service providers and verify that appropriate safeguards are in place. A clean SOC 2 Type II report provides documented, independent evidence that HalcyonFT meets that standard.
Your HalcyonFT team can share a copy of the report upon request.
Final Thoughts
In a rapidly changing security and technology landscape, rest assured that HalcyonFT is by your side and keeping pace with the latest developments. Contact your HalcyonFT advisor today to discuss portfolio cybersecurity assessments, AI workflow automation, or AI licensing guidance.
We’re here to help.
Please contact your HalcyonFT team if you would like any additional information on any of these items.
— Your HalcyonFT Team