Microsoft Copilot (Microsoft 365): Receive coaching on your writing in Copilot in Word

🚨 The Signal: Copilot in Word now offers AI-powered writing coaching, reviewing content for structure, flow, and tone. This introduces new avenues for sensitive information exposure through AI processing and the potential for prompt injection.

The Impact

All users are affected. The feature increases the risk of inadvertent sensitive data exposure and of prompt injection vulnerabilities within Word documents.

  • End-users: Risk of sensitive data exposure through AI processing.
  • Security Teams: Increased surface area for prompt injection attacks.
  • Data Owners: New considerations for data residency and AI processing of classified information.
  • Compliance Teams: Need to update data handling and AI usage policies.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot interactions.
  2. Educate users on responsible AI usage, data sensitivity, and prompt engineering best practices.
  3. Assess existing data classification labels for their applicability to AI-processed content.
  4. Monitor Copilot usage logs for unusual activity or potential data exfiltration attempts.
  5. Evaluate Microsoft Entra Conditional Access policies for Copilot access based on device compliance or location.
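
For action 4, a triage pass over exported Copilot audit records can surface the interactions worth a closer look. The sketch below is an added example, not Microsoft tooling: the records are constructed, and the field names under CopilotEventData, the label GUID and the user names are assumptions to verify against a real export from your tenant.

```python
import json

# Constructed sample records shaped like Microsoft Purview audit entries with
# Operation "CopilotInteraction". The CopilotEventData field names used here
# (AppHost, AccessedResources, SensitivityLabelId, XPIADetected, Messages,
# JailbreakDetected) are assumptions; confirm them against your own export.
SAMPLE_EXPORT = json.dumps([
    {"CreationTime": "2025-01-10T09:00:00", "UserId": "alice@example.test",
     "Operation": "CopilotInteraction",
     "CopilotEventData": {"AppHost": "Word", "Messages": [{"isPrompt": True}],
         "AccessedResources": [{"Name": "merger-plan.docx",
             "SensitivityLabelId": "00000000-0000-0000-0000-00000000c0de"}]}},
    {"CreationTime": "2025-01-10T09:05:00", "UserId": "bob@example.test",
     "Operation": "CopilotInteraction",
     "CopilotEventData": {"AppHost": "Word", "Messages": [{"isPrompt": True}],
         "AccessedResources": [{"Name": "vendor-brief.docx", "XPIADetected": True}]}},
    {"CreationTime": "2025-01-10T09:07:00", "UserId": "carol@example.test",
     "Operation": "CopilotInteraction",
     "CopilotEventData": {"AppHost": "Word", "Messages": [{"isPrompt": True}],
         "AccessedResources": [{"Name": "lunch-menu.docx"}]}},
    {"CreationTime": "2025-01-10T09:09:00", "UserId": "dave@example.test",
     "Operation": "FileAccessed"},
])

# Hypothetical GUID standing in for a label the organisation treats as restricted.
RESTRICTED_LABELS = {"00000000-0000-0000-0000-00000000c0de"}

def triage(records, restricted_labels, app_host="Word"):
    """Return one finding per Copilot interaction in app_host worth a review."""
    findings = []
    for rec in records:
        data = rec.get("CopilotEventData") or {}
        if rec.get("Operation") != "CopilotInteraction" or data.get("AppHost") != app_host:
            continue
        reasons = set()
        for res in data.get("AccessedResources") or []:
            if res.get("SensitivityLabelId") in restricted_labels:
                reasons.add("restricted-label:" + res.get("Name", "?"))
            if res.get("XPIADetected"):  # injection flagged in a grounding resource
                reasons.add("injection-flag:" + res.get("Name", "?"))
        if any(m.get("JailbreakDetected") for m in data.get("Messages") or []):
            reasons.add("jailbreak-flag")
        if reasons:
            findings.append({"user": rec.get("UserId"), "time": rec.get("CreationTime"),
                             "reasons": sorted(reasons)})
    return findings

if __name__ == "__main__":
    for finding in triage(json.loads(SAMPLE_EXPORT), RESTRICTED_LABELS):
        print(finding)
```
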

Domain: Agentic-AI · Impact: high · Workload: M365 Apps