Microsoft Purview: Insider Risk Management - Risky AI usage

🚨 The Signal: Purview Insider Risk Management now detects risky AI usage across Microsoft Copilots and third-party generative AI apps. These detections help identify sensitive data exposure via prompts or responses, enhance data loss prevention, and contribute to Adaptive Protection.

The Impact

New capabilities to detect and prevent sensitive data leakage through generative AI affect security teams and data owners.

  • Security teams gain visibility into AI-related data risks.
  • Data owners can better protect sensitive information from AI exposure.
  • Compliance officers can demonstrate improved data governance for AI.
  • Users may face increased scrutiny over AI prompt content and responses.

The Action

  1. Review existing Insider Risk Management policies for AI-related data loss scenarios.
  2. Configure new Insider Risk Management policies to specifically target risky AI usage, including sensitive prompts and responses.
  3. Integrate AI usage detections with Adaptive Protection to dynamically adjust user risk levels.
  4. Educate users on acceptable AI usage policies, particularly regarding sensitive information in prompts and handling AI-generated content.
  5. Monitor Purview Insider Risk Management dashboards for alerts related to risky AI usage and investigate incidents promptly.

Domain: Purview · Impact: high · Workload: Microsoft Purview