Microsoft Copilot (Microsoft 365): Copilot extensibility – Developers can use TypeSpec as an authoring experience

🚨 The Signal: Developers can now use TypeSpec to build Copilot plugins and declarative agents. This expands the attack surface for custom Copilot functionality and requires vigilance over agent identities and permissions.

The Impact

Developers and Security Teams are affected by the increased risk of insecure custom Copilot agents and plugins.

  • Developers: New tool for building agents, increasing responsibility for secure coding.
  • Security Teams: Expanded attack surface for custom Copilot agents requires new security reviews.
  • Admins: Need to manage and monitor permissions for new agent identities.
  • Organisations: Increased risk of data exposure or misuse via vulnerable custom agents.

The Action

  1. Establish a Copilot extensibility governance policy, including security review for all custom agents/plugins.
  2. Implement a secure development lifecycle (SDL) for all Copilot extensions using TypeSpec.
  3. Review and restrict permissions for all custom Copilot agent identities in Entra ID.
  4. Monitor Copilot audit logs for unusual activity related to custom agents and plugins.
  5. Educate developers on secure coding practices for AI agents and plugin development.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Application Control, Restrict Administrative Privileges · ISM: ISM-0445, ISM-0843, ISM-1175, ISM-1380, ISM-1490, ISM-1507, ISM-1508, ISM-1509, ISM-1544, ISM-1582, ISM-1647, ISM-1648, ISM-1650, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1686, ISM-1688, ISM-1689, ISM-1870, ISM-1871, ISM-1883, ISM-1897, ISM-1898