Microsoft Copilot (Microsoft 365): Copilot extensibility – Developers can create, test and update custom engine agents to run in Microsoft 365 Copilot and Teams

🚨 The Signal: Developers can now create and deploy custom AI agents within Microsoft 365 Copilot and Teams. This significantly expands Copilot's capabilities but introduces new attack surfaces and governance challenges for autonomous agent identities and data access.

The Impact

Developers and security teams are the most directly affected; the principal risks are unmanaged agent identities, data exfiltration through agent data access, and prompt injection against the agents themselves.

  • Developers: Can build powerful agents, but must secure their code and data access.
  • Security Teams: Must govern new agent identities and their permissions.
  • Data Owners: Risk of sensitive data exposure if agents are misconfigured or malicious.
  • Compliance Officers: New audit trails and data handling processes are required for agent actions.

The Action

  1. Establish a policy for custom Copilot agent development and deployment.
  2. Implement a review process for all custom agents before production deployment.
  3. Define least-privilege access for agent identities within Entra ID.
  4. Monitor agent activity and data access using Microsoft Purview and Defender for Cloud Apps.
  5. Educate developers on secure coding practices for AI agents, including prompt injection prevention.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Application Control, Restrict Administrative Privileges · ISM: ISM-0445, ISM-0843, ISM-1175, ISM-1380, ISM-1490, ISM-1507, ISM-1508, ISM-1509, ISM-1544, ISM-1582, ISM-1647, ISM-1648, ISM-1650, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1686, ISM-1688, ISM-1689, ISM-1870, ISM-1871, ISM-1883, ISM-1897, ISM-1898