Tech Brief
May 14, 2026
Your morning roundup of the most relevant technology and AI news. Curated by 312 IT Consulting.
A heavy security day for Chicagoland businesses: a critical Palo Alto firewall flaw under active attack is getting its patch this week, and Palo Alto's own CTO is warning that AI-powered cyberattacks will be routine within months. On the productivity side, Microsoft 365 E7 with Agent 365 is now live (and Claude is now a model option inside Copilot), Google is making it easier than ever for small businesses to leave Microsoft, and TechChicago Week kicks off in five days at Soldier Field and the House of Blues.
Palo Alto Networks releases patch this week for actively exploited firewall zero-day (CVE-2026-0300)
Palo Alto Networks began rolling out fixes today for CVE-2026-0300, a critical unauthenticated remote-code-execution flaw in the PAN-OS User-ID Authentication Portal that has been under active exploitation by state-backed attackers since early May. The vulnerability carries a CVSS score of 9.3 and was added to CISA's Known Exploited Vulnerabilities catalog on May 6, with a May 9 deadline for federal agencies. Affected devices include PA-Series and VM-Series firewalls with the Captive Portal enabled — full patch rollout runs through May 28, depending on PAN-OS release track.
Why it matters for your business: If your office runs a Palo Alto firewall — or your managed IT provider does — this is the most important patch of the month. Until the update lands on your device, the recommended mitigation is to restrict User-ID Authentication Portal access to trusted zones only, or disable Captive Portal if you don't use it. Don't wait for your MSP to call you — ask them today whether your firewall is exposed and when the patch will be applied. Our cybersecurity checklist walks through how to keep on top of vendor security advisories.
Read the SecurityWeek advisory →Palo Alto CTO: AI-driven cyberattacks will become the "new norm" within three to five months
Palo Alto Networks Chief Technology Officer Lee Klarich told CNBC yesterday that businesses have a "narrow three-to-five-month window" to harden their defenses before AI-driven exploitation becomes routine. The warning comes as both OpenAI's GPT-5.5-Cyber and Anthropic's Mythos models have demonstrated the ability to complete multi-step simulated corporate cyberattacks in independent UK AI Security Institute testing. OpenAI rolled out GPT-5.5-Cyber to vetted defenders earlier this month and is extending access to EU regulators; Anthropic remains more restrictive, with roughly 40 organizations having access to Mythos.
Why it matters for your business: "AI cyberattacks" sounds like sci-fi, but the practical impact for SMBs is concrete: phishing emails that pass every smell test, voice-cloned vendor calls asking for wire transfers, and automated probing for unpatched systems at a pace humans can't match. The fundamentals don't change — patch fast, enforce MFA on everything, train staff on social-engineering red flags — but the tolerance for delay shrinks. If you haven't reviewed your security posture in the last 12 months, this is the quarter to do it. Book a free consultation and we'll walk through where your real gaps are.
Read the CNBC report →Microsoft 365 E7 and Agent 365 hit general availability — Claude now selectable inside Copilot
Microsoft 365 E7 (the "Frontier Suite" bundling E5, Microsoft 365 Copilot, and Agent 365) went generally available on May 1, and the rest of May has brought a steady drumbeat of capability updates: GPT-5.5 Thinking and ChatGPT Images 2.0 are now live inside Copilot, Anthropic's Claude is appearing as a selectable model in Researcher, Excel, and PowerPoint for licensed Copilot users, and a new three-year purchasing option for Microsoft 365 Copilot is now available through CSP partners. Outlook Classic is also getting AI-based insights this month, finally catching up to the new Outlook.
Why it matters for your business: The big takeaway: model choice inside Copilot is real now. If a Claude or GPT-5.5 model handles your team's work better than the default, you can switch — without changing platforms. That said, don't reflexively upgrade to E7. Most Chicago SMBs we work with are still underusing Business Premium or E3. Audit your actual Copilot usage first; the 3-year CSP option only saves money if you're going to actually adopt the seats. We help businesses sort this out — our SaaS implementation service covers Microsoft 365 right-sizing.
Read the Microsoft 365 blog →Google launches simplified Microsoft-to-Workspace migration tool for small businesses
Google announced last week the beta release of a streamlined migration path for small businesses moving from Microsoft 365 to Google Workspace, dramatically reducing the time and admin lift of switching identity providers and user data. At the same time, Google is folding NotebookLM into Workspace Studio as an AI knowledge source for automations, rolling out persistent Gemini instructions inside Docs, and giving administrators new controls to require explicit participant consent before automatic note-taking, recording, or transcription begins in Meet.
Why it matters for your business: Two practical takeaways. First, if you've been on the fence about Workspace vs. Microsoft 365, the switching cost just dropped — though for most SMBs, the right platform is the one your team will actually use well, not the one with the latest feature. Second, the new Meet consent controls matter for any business that records calls. With Illinois's strict two-party consent law (BIPA-adjacent for voice/biometric data), automatically transcribing meetings without explicit consent has real legal exposure. Turn the new admin control on. Our Microsoft 365 vs Google Workspace comparison walks through the decision framework.
Read the Workspace recap →TechChicago Week kicks off May 19 — Chicago Tech Forum and TECHSPO converge on Soldier Field
Chicago's biggest tech week of the spring lands next Tuesday. The 2026 Chicago Tech Forum runs May 19 at the Foundation Room at House of Blues, with sessions focused on AI's reshaping of corporate hiring and how SMBs can adopt agentic AI without getting burned. TECHSPO Chicago co-locates May 19–20 at Soldier Field, drawing internet-tech, martech, and B2B SaaS vendors from across the Midwest. Both events are part of TechChicago Week, the local push to grow Chicago's tech ecosystem alongside the Discovery Partners Institute hub at 250 S. Wacker.
Why it matters for your business: If you've been thinking about evaluating an AI tool, a CRM upgrade, or a managed services provider, walking the TECHSPO floor for an afternoon is one of the most efficient uses of a day in Chicago tech. You'll see two dozen vendors in the time it would take to sit through one sales demo. Bring a short list of problems you're trying to solve (not "I want AI") — that's how you avoid going home with a sales rep's pitch deck and no plan. 312 IT Consulting is local; if you want a second opinion on anything you see, drop us a note.
See the TechChicago Week schedule →Need help navigating these changes?
312 IT Consulting helps small and mid-size businesses in Chicagoland cut through the noise and implement technology that actually moves the needle. Call us at (224) 382-4084 or book a free consultation.
Book a Free Consultation