Microsoft Copilot (Microsoft 365): Agents in Copilot Chat available on Edge Sidebar

🚨 The Signal: Copilot agents are now available in the Edge Sidebar, allowing users to delegate tasks directly from their browser. This expands the attack surface for agentic AI and increases the risk of data exfiltration or unauthorized actions via prompt injection.

The Impact

All users are affected. The change increases the risk of data exposure and unauthorized actions through agentic AI.

  • End users face increased risk of accidental data exposure via agent prompts.
  • Security teams must monitor for new prompt injection attack vectors.
  • Admins need to review and update data loss prevention policies for agent interactions.
  • Organisations face compliance challenges with autonomous agent actions.

The Action

  1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot agent interactions.
  2. Implement Conditional Access policies to restrict Copilot agent access based on device compliance or location.
  3. Educate users on secure prompting practices and the risks of sharing sensitive data with agents.
  4. Monitor Microsoft 365 audit logs for unusual Copilot agent activity.
  5. Establish a governance framework for agentic AI, including acceptable use and data handling.

Domain: Agentic-AI · Impact: high · Workload: Other