HalcyonFT Quarterly Newsletter - Q4 2025 - Updates and Recommendations

Written By Studio Soph
 
 
 
 

AI and Automation in Action  

HalcyonFT has completed a structured upskilling initiative across Microsoft’s Power Platform, Azure AI, and automation toolset. This foundation in AI and low-code automation better positions us to guide clients in adopting automation in 2026 and beyond.

We are fully prepared to partner with clients to evaluate processes, prioritize opportunities, and build practical automations that deliver measurable impact. We will work with you to develop use cases that pinpoint where automation can reduce manual efforts and improve efficiency, and our end-to-end execution of low-code automations will streamline your operations and improve productivity.  

Here are just two examples of automation in action:

  • Automated Reimbursement Processing
    One of our clients was processing reimbursements for work-related expenses by manually uploading receipts to a third-party web portal. Our team used Power Automate workflows and Adobe API to fully automate this process. Today, a dedicated mailbox converts messages and attachments into a single PDF that is sent to the vendor for processing. Automating this previously manual task has reduced the associated time by approximately 50%, allowing staff to focus on mission-critical tasks.

  • Automated Tracking of Legal Requests

    Another client was manually typing long legal requests and handling them via email, resulting in delays, repetition, and limited visibility. We implemented a Microsoft Form to capture all required information, converted submissions into structured SharePoint list items, and automated notifications for staff. This significantly reduced lead times and improved request tracking. Then we created a Power Automate workflow that generates a Microsoft Planner task with assignments for each form submission, and we introduced email alerts for task creation, updates, and completion. Now the client can monitor and process legal requests about 25% faster, maintaining a complete audit trail and quickly identifying issues or bottlenecks before they escalate.

As leadership teams look ahead to 2026, we encourage you to consider how HalcyonFT can help your company make similar strategic investments in efficiency, resilience, and operational maturity.

Microsoft Ignite: Agent 365 and Work IQ

At Ignite 2025, Microsoft officially declared its shift from the era of Copilot to the era of the Agent. Two critical new technologies underpin this shift:

  • Agent 365 is the new “control plane” for IT. As we deploy more autonomous agents, Agent 365 allows us to manage, secure, and monitor them from a Client’s single dashboard in the M365 Admin Center. A centralized registry prevents agent sprawl and gives us visibility into which agents are accessing which data, ensuring governance doesn't become a bottleneck to innovation.

  • Work IQ is the new “intelligence layer” for M365. Whereas Copilot processes text, Work IQ adds memory and inference to the system, which learns from your work habits, collaboration patterns, and project history to anticipate your needs. Now agents built in Copilot Studio understand the context of your job—not just the commands you type. And Word and Excel now have "Agent Mode" for handling complex, multi-step workflows autonomously.

Best Practices in Managed Security: 24x7 SOC Monitoring

Financial organizations face constant pressure from evolving cyber threats, regulatory requirements, and the risk of reputational damage. A Security Operations Center (SOC) provides the oversight needed to prevent attacks before they escalate.  

Organizations that maintain 24x7 SOC coverage significantly improve their ability to prevent incidents. Threat actors typically probe networks at night, on weekends, and during holidays when teams are offline, but 24x7 SOC monitoring detects suspicious activity in real time, thereby reducing the impact of potential breaches when every second counts.

Adding a dedicated SOC to your security stack brings peace of mind. Trained analysts regularly review logs, detections, and behavioral patterns across devices and cloud environments to evaluate security event logs and distinguish between routine noise and true threats.

HalcyonFT partners with Legato Security to provide clients with continuous monitoring and response. As AI-powered threats become increasingly automated, having a dedicated team watching over your environment is now best practice and one of the most effective safeguards for protecting a financial firm’s data and reputation.

Compliance with Regulation S-P Amendments

In May 2025, the SEC adopted amendments to modernize data privacy practices among financial firms. Protecting client information is central to HalcyonFT’s mission. Here’s a brief recap of how we protect client data in full compliance with the Regulation S-P amendments:

  • Our Information Security and Privacy Program is independently audited each year under SOC 2 Type II and ISO 27001, and aligned with the NIST framework, ensuring we meet the requirements of SEC Regulation S-P. If an incident involves confidential data, our Cybersecurity Incident Response Team acts immediately in accordance with our Incident Response and Business Continuity Plans.  Impacted clients are notified within 72 hours of confirmed compromise, and post-incident reviews drive continuous program improvements.  

  • Our Information Security Policy enforces technical and administrative safeguards, including encryption, access control, and continuous monitoring.  

  • All vendors that we use or resell that have access to private data undergo ongoing risk assessments and must maintain SOC 2 Type II or ISO 27001 security certifications. Our service contracts require confidentiality, breach notification, and secure data disposal.  

  • Our Privacy Policy governs how we collect, use, and retain non-public personal information. All staff sign confidentiality agreements and participate in annual privacy/security training with clear disclosures of data-handling practices for clients.

  • Other key security practices include MFA for all sensitive data, data retention limited to contractual or regulatory needs, and auditing and logging of access to private data.

AI-Driven Cyber Espionage

In September 2025, security researchers uncovered the first known cyber-espionage campaign largely executed by AI - not humans. A Chinese state-sponsored group manipulated and AI system into carrying out 80-90% of a multi-target intrusion campaign autonomously.

Under the guise of legitimate security testing, the attackers “tricked” the AI into independently launching the attack, with human operators stepping in only to greenlight major decisions. Working independently, the AI platform was able to:

  • Scan targets across industries

  • Identify vulnerabilities

  • Execute exploits

  • Steal credentials

  • Move through internal networks

  • Collect and analyze sensitive data

Despite occasional “hallucinations” that limited perfect execution, the campaign succeeded in compromising high-value targets. This marks a turning point in cyber operations: AI can now perform the work of an entire professional hacking team at scale, dramatically lowering the cost and expertise required for high-end intrusions.

Researchers shut down the actors, alerted affected organizations, and developed upgraded safeguards, but cybersecurity has clearly entered a new era in which AI will be central to both attack and defense. New detection systems are being developed specifically for autonomous AI-driven attack patterns, which are expected to grow in scope and frequency.

Organizations must invest early in AI-augmented security operations, proactive detection, and resilient safeguards to keep pace with rapidly evolving threats.

Holiday Festivities at HalcyonFT

Our team members are always hard at work, but we also make time to celebrate the holidays. The entire HalcyonFT team came together for a much-needed dose of sunshine, connection, and celebration in Miami. From a lively rooftop outing to a friendly (and competitive!) Top Golf session, every moment united our team members. We enjoyed a stunning rooftop dinner at Amara at Paraiso with delicious food, ocean breezes, and panoramic views. The energy, laughter, and bonding reminded us of our exceptional work culture, filled with supportive and collaborative professionals who consistently show up for one another.  

During this holiday season, we hope your teams have opportunities for similar shared experiences, building unforgettable memories that will carry us all into the year ahead.

We’re here to help.

Please contact your HalcyonFT team if you would like any additional information on any of these items.

— Your HalcyonFT Team

 
 
 
 
 

{ HALCYONFT UPDATES }

More Insights

 
Read more
 
 
 

{ CONTACT }

Connect with us to discuss what HalcyonFT can do for you

Lets connect
 
 
Studio Soph https://www.studiosoph.co.uk
Next

Halcyon Financial Technology, L.P. Earns 2025 Great Place To Work Certification™