Microsoft Copilot (Microsoft 365): SharePoint agent web part
🚨 The Signal: SharePoint site authors can embed Copilot agents directly into pages via a new web part. This makes agents more accessible, but it also expands the attack surface for prompt injection and unauthorized data access if the web part is not properly governed.
The Impact
The change affects SharePoint site authors and end-users, and it raises the risk of prompt injection and unauthorized data access via embedded agents.
- SharePoint Authors: Can embed agents, increasing responsibility for secure configuration.
- End-Users: Interact with agents, raising prompt injection and data exposure risks.
- Security Teams: Must monitor agent interactions for anomalous behavior and data exfiltration.
- Data Owners: Data accessible by agents faces increased exposure risk if not properly scoped.
The Action
- Review and enforce Copilot data access policies to ensure agents only access authorized data.
- Implement strict SharePoint site permissions to control who can embed agent web parts.
- Educate SharePoint authors on secure agent configuration and prompt engineering best practices.
- Monitor Copilot audit logs for unusual agent interactions or data access patterns.
- Develop incident response playbooks for prompt injection and agent-related data breaches.
Domain: Agentic-AI · Impact: high · Workload: SharePoint