UiPath unveils integration to orchestrate Microsoft Copilot agents
UiPath has announced new capabilities that allow developers to connect and coordinate Microsoft Copilot Studio agents with UiPath and other third-party agents for enterprise automation.
The company has rolled out features enabling orchestration of Microsoft Copilot Studio agents alongside UiPath and third-party agents through UiPath Maestro, an enterprise orchestration platform designed to coordinate agents, robots, and people across complex business processes. With this integration, developers are now able to orchestrate Copilot Studio agents directly from Maestro.
This development expands upon the bi-directional integration previously announced between UiPath Platform and Microsoft Copilot Studio. This enables seamless interactions between UiPath and Microsoft agents and automations, supporting the automation of complex end-to-end processes, contextual decision-making, improved scalability, and enhanced productivity levels. The integration facilitates embedding UiPath automations and AI agents directly into Microsoft Copilot Studio, as well as incorporating Copilot agents within UiPath Studio, all orchestrated via Maestro.
Graham Sheldon, Chief Product Officer at UiPath, commented, "Our continued partnership with Microsoft enables millions of Microsoft users to take full advantage of the capabilities and flexibility offered by agentic automation and orchestration. The UiPath multi-agent, cross-system capability uniquely enables seamless interaction and collaboration across various enterprise systems and applications, breaking down siloes and enhancing overall operational efficiency."
Business processes often involve a combination of modern SaaS systems, legacy platforms, documents, desktop applications, and user actions. UiPath states that while several agentic platforms maintain 'walled garden' strategies, the company is focusing on establishing an open ecosystem intended to let customers prioritise business outcomes without being hindered by technology limitations. Through the bi-directional integration with Copilot Studio, Maestro offers built-in capabilities for managing and orchestrating agents from Microsoft Copilot Studio and other platforms in a controlled manner, aimed at delivering tangible business results.
Ramnath Natarajan, Director of Global Intelligent Automation & Integration at Johnson Controls, said, "You cannot automate a process in isolation; integrating across technology boundaries is necessary for real business impact."
Enterprises using Microsoft Copilot Studio agents and Power Automate for tasks like email monitoring, classification, and intelligent Q&A are seeing quantifiable returns by supplementing these processes with UiPath agentic automation. Johnson Controls, for example, upgraded an existing automation—initially developed with UiPath robots and Power Automate—by introducing a UiPath agent for confidence-based document extraction. According to the company, this modification resulted in a 500% return on investment and projected savings of 18,000 hours a year previously spent on manual document review.
Natarajan added, "This bi-directional integration harnesses the combined strengths of Microsoft Copilot and UiPath agents to fully automate complex workflows across documents, emails, PowerApps, and enterprise systems."
The integration also introduces features that allow customers to use coded agents built with LangGraph natively on the UiPath Platform without any code changes. This allows professional developers to build and test agents using Python tooling, leveraging UiPath benefits such as governance, security, evaluations, and operational support for LangChain agents.
Additionally, developers can utilise UiPath UI Agent for computer use, facilitating navigation in real-world enterprise interfaces. This tool, currently in private preview, interprets intent and autonomously plans and acts using computer use models and UiPath's UI Automation functionality.
UiPath and Microsoft have established a partnership centred on a shared agentic vision based on industry knowledge and customer choice. Their collaborations include enhanced availability of the Autopilot agent for Copilot for Microsoft 365 and Microsoft Teams, providing joint customers with access to UiPath automation capabilities across both platforms.
The two companies are also integrating Azure tools with UiPath agents using an MCP integration, as well as making AI foundry-powered models and capabilities accessible to customers through the UiPath Platform.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
4 days ago
- Techday NZ
New Relic & GitHub Copilot integration boosts DevOps speed
New Relic has announced an integration between its AI-powered observability platform and the GitHub Copilot coding agent to streamline software development workflows and improve application reliability. This integration aims to automate the traditional processes of change validation and incident response, enabling enterprises to accelerate software deployment cycles while maintaining system stability. The unified approach brings together proactive monitoring by New Relic and automated code remediation through GitHub Copilot's agentic capabilities. Describing the significance of the new technology, New Relic Chief Product Officer Manav Khurana said: "Agentic AI is poised to be a transformative technology for enterprise software developers and engineers, who are facing intense pressure to ship more innovations at a faster pace without sacrificing quality and reliability." He added: "With the innovative integration of New Relic's intelligent observability technology with GitHub Copilot coding agent, we are closing the loop on ensuring continued application health. Together with our long time partner GitHub, we are providing a new, agentic way for modern software development that uses the power of agentic AI to transform the way enterprises innovate." The combined solution leverages New Relic's continuous code deployment monitoring to automatically detect performance issues arising from recent changes. If an issue is identified, New Relic pinpoints the root cause and generates a comprehensive GitHub issue, complete with context for developers. Developers can then review this automated issue and, if deemed sufficient, delegate it to GitHub Copilot. Copilot analyses the issue, drafts a suggested code fix, and initiates a pull request for human review. After the fix is merged, New Relic validates the correction, completing the issue resolution cycle. This process aims to reduce the time required to resolve coding issues, allowing developers to dedicate more attention to impactful projects rather than repetitive troubleshooting tasks. Key benefits outlined by New Relic include automation of detection and validation processes, empowerment of engineers to focus on strategic work, quicker resolution of performance issues, and safer, faster deployment cycles. Julia Liuson, President, Developer Division at Microsoft, commented on the importance of collaborative integrations: "Millions of organisations rely on GitHub every day for software delivery. Our integrations with key partners like New Relic are instrumental in making our tools that much more scalable, reliable and intelligent. Together with key partners like New Relic we provide developers valuable insights and automation to enhance Agentic DevOps, driving innovation and efficiency across the software lifecycle." The GitHub Copilot coding agent integration builds upon the existing partnership between New Relic and both Microsoft and GitHub. According to New Relic, this expansion brings its agentic AI capabilities and critical observability data deeper into the developer workflow, delivering faster feedback and reducing the risk of code-related issues affecting business operations. The integration is currently available via New Relic as a limited preview, accessible to Copilot Pro+ and Copilot Enterprise account holders. GitHub Copilot coding agent is also available in preview for GitHub Copilot Enterprise and Pro+ customers.
Techday NZ
22-05-2025
- Techday NZ
SEO poisoning attack diverts wages using fake payroll websites
Cybersecurity firm ReliaQuest has released an analysis of a search engine optimisation (SEO) poisoning campaign that led to payroll fraud at a manufacturing sector client. The attack, which was discovered in May 2025, involved adversaries creating a fake website resembling the victim organisation's login page, specifically targeting employees' mobile devices. Using credentials obtained through this fraudulent site, the attacker accessed the company's payroll portal, altered direct deposit details, and diverted employees' wages into their own accounts. ReliaQuest's security researchers noted that the tactics, techniques, and procedures (TTPs) associated with this incident closely align with those observed in two investigations from late 2024. This suggests the operation may be part of a wider, ongoing campaign targeting multiple organisations. SEO poisoning is a technique in which attackers use deceptive websites designed to mimic legitimate portals. These malicious pages are promoted to rank highly in search engine results, luring victims into providing their credentials. In this recent case, when employees searched for terms related to payroll or their company's portal using a mobile device, the attacker's site would appear top in the results, significantly increasing the likelihood of a successful breach. The attackers targeted employee mobile devices for two main reasons: many of these devices connect through guest Wi-Fi or remain disconnected from secure enterprise networks, making it easier to evade enterprise-grade security measures such as web traffic filtering. Visits often occurred outside working hours, meaning activity was not logged by company systems, hindering investigation and making it difficult to trace affected accounts. ReliaQuest highlighted, "Phishing attacks targeting off-network devices, like mobile phones, create big challenges for organisations, as they expose gaps that on-premises and cloud networks often overlook. These devices typically lack proper security and logging, leaving organisations in the dark when employee credentials are stolen - and unable to act fast enough." Upon clicking the malicious link from a mobile device, users were redirected to a phishing site mimicking a Microsoft login page, while users accessing the page from a workstation saw no significant content. This approach complicated efforts to detect and analyse the fraudulent website, as it both evaded detection by security tools and disrupted threat analysis. Captured credentials were sent to an adversary-controlled site using a PHP script also observed in previous incidents, strengthening the link between these attacks. Immediately after credentials were entered, an HTTP GET request established a WebSocket connection via Pusher, a genuine platform for real-time web communication. The phishing site's code enabled the attacker to receive stolen credentials in real time, allowing them to act quickly before passwords were reset. ReliaQuest explained the significance: "This phishing attack exposes user credentials without any monitoring or safeguards to block the activity, leaving organisations completely in the dark. By using Pusher, the attacker gains quick access to authentication portals, reusing compromised credentials. This highlights a critical vulnerability: Organisations with lax authentication controls can be easily caught off guard by attacks targeting employees' off-network personal devices, where traditional security measures often fall short." After harvesting credentials, the attacker accessed the payroll system from a residential IP address tied to telecommunications services, reviewed documents related to direct deposit changes, and amended payroll information to divert funds. Security logs later revealed additional access attempts from both US-based and Russian IP addresses, one of which was blocked. The attacker ultimately relied on residential IPs, making their activities difficult to distinguish from legitimate network traffic. ReliaQuest found that traffic originated from home office routers and mobile networks, with many routers identified as brands commonly targeted for compromise. Weak passwords, unpatched firmware, and vulnerabilities such as CVE-2024-3080 and CVE-2025-2492 were exploited to form botnets, whose proxies were sold on criminal marketplaces. Proxy network services, sometimes costing as little as $0.77 per gigabyte, enable attackers to disguise their activities by using apparently trustworthy residential IPs. The report referenced law enforcement actions such as the FBI's investigation into the Anyproxy and 5socks botnet services, which together generated over $46 million in criminal revenue, illustrating the market demand for residential proxy services. The use of proxy networks prevents standard network-based security methods from flagging suspicious access. ReliaQuest stated, "When attackers use proxy networks, especially ones tied to residential or mobile IP addresses, they become much harder for organisations to detect and investigate. Unlike VPNs, which are often flagged because their IP addresses have been abused before, residential or mobile IP addresses let attackers fly under the radar and avoid being classified as malicious. What's more, proxy networks allow attackers to make their traffic look like it originates from the same geographical location as the target organisation, bypassing security measures designed to flag logins from unusual or suspicious locations." ReliaQuest recommends organisations strengthen security controls by requiring multifactor authentication (MFA) and using conditional access policies on payroll portals. Employees should be regularly educated about accessing payroll systems only through approved channels such as single sign-on (SSO), and be encouraged to bookmark official portal addresses rather than relying on search engines. Monitoring payroll changes and maintaining clear incident response procedures are also advised.
Techday NZ
22-05-2025
- Techday NZ
Cloudflare, Microsoft & police disrupt global malware service
Cloudflare, in partnership with Microsoft and international law enforcement, has helped dismantle the infrastructure supporting LummaC2, an information-stealing malware service regarded as a significant threat to users and organisations worldwide. This collaborative effort targeted key elements of the Lumma Stealer operation, resulting in the seizure, takedown and blocking of malicious domains, as well as disruption to digital marketplaces used by criminals to distribute and monetise stolen data. Cloudflare also banned a number of accounts used in the deployment and configuration of these domains, aiming to weaken the underlying ecosystem relied on by cybercriminals. Lumma Stealer, also known as LummaC2, operates as a subscription-based service that enables threat actors to access a central administrative panel through which they can acquire customised malware builds and retrieve data stolen from victims. Stolen information includes credentials, cryptocurrency wallets, cookies and various forms of sensitive data, which can subsequently facilitate identity theft, financial fraud and intrusions into both consumer and enterprise environments. Blake Darché, Head of Cloudforce One at Cloudflare, said: "Lumma goes into your web browser and harvests every single piece of information on your computer that could be used to access either dollars or accounts – with the victim profile being everyone, anywhere at any time. The threat actors behind the malware target hundreds of victims daily, grabbing anything they can get their hands on. This disruption worked to fully setback their operations by days, taking down a significant number of domain names, and ultimately blocking their ability to make money by committing cybercrime. While this effort threw a sizable wrench into the largest global infostealers infrastructure, like any threat actor, those behind Lumma will shift tactics and reemerge to bring their campaign back online." First observed on Russian-language crime forums in early 2023, Lumma Stealer's operations have increasingly shifted to Telegram, where cybercriminals buy access and share data using cryptocurrency. Logs of stolen credentials, known as "logs", are indexed and made available through Lumma's own marketplace or resold via other criminal networks. The spread of Lumma Stealer is primarily achieved through social engineering campaigns. These include deceptive pop-ups — part of a method called ClickFix — which trick users into executing malicious scripts, as well as by bundling payloads in cracked versions of legitimate software and distributing them via pay-per-install networks. The malware's developers invest in bypassing detection from antivirus solutions, increasing the risk to affected users and organisations. Cloudflare's disruption operations involved placing a Turnstile-enabled interstitial warning page on domains associated with Lumma's command and control servers as well as its marketplace. In addition to impeding access, Cloudflare collaborated with leading industry partners, including Microsoft, multiple registry authorities, the FBI, the U.S. Department of Justice, Europol's European Cybercrime Center, and Japan's Cybercrime Control Center. This was intended to ensure that the criminals could not simply migrate their infrastructure or regain control via alternative registrars. The tactics used by Lumma's operators relied on abusing infrastructure belonging to providers like Cloudflare, often to obscure the origin IP addresses of servers used to store stolen data. Cloudflare's Trust and Safety team repeatedly suspended malicious accounts and flagged illicit domains, escalating countermeasures after the malware was observed bypassing its initial warning pages. Mitigation advice for users and organisations includes restricting the execution of unknown scripts, limiting the saving of passwords in browsers, and employing reputable endpoint protection tools capable of detecting credential theft. Regular software updates, DNS filtering and user education around the risks of malvertising and fake software installers are also highlighted as part of a comprehensive defence strategy. By disrupting Lumma Stealer's infrastructure and limiting access to its command and control services, the operation has imposed significant operational and financial constraints on both the core operators and the wider criminal clientele. The disruption aims to undermine the infostealer-as-a-service model that has contributed to increased instances of cyber-enabled fraud, enterprise security breaches, and ransomware incidents.
