Microsoft Copilot (Microsoft 365): Copilot extensibility – Developers can build custom engine agents with the Microsoft 365 Agents SDK

🚨 The Signal: Developers can now build custom AI agents using the Microsoft 365 Agents SDK, deployable across Microsoft 365 Copilot and other platforms. This introduces new attack surfaces and governance challenges for autonomous AI identities.

The Impact

The introduction of custom AI agents affects developers and security teams, creating new risks around data access, privilege escalation, and prompt injection.

  • Developers: New tools to build custom agents, increasing responsibility for secure coding.
  • Security Teams: New autonomous identities to govern, monitor, and secure against misuse.
  • Data Owners: Increased risk of unauthorised data access or exfiltration by custom agents.
  • Compliance Teams: New challenges in auditing and proving compliance for AI-driven actions.

The Action

  1. Review and implement Microsoft's guidance for securing custom AI agents and their identities.
  2. Establish clear policies for custom agent development, deployment, and data access within Microsoft 365.
  3. Implement robust monitoring and auditing for custom agent activities, especially those with data access.
  4. Define and enforce least privilege principles for custom agent identities and their permissions.
  5. Educate developers on secure AI development practices, including prompt injection prevention.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898