Microsoft 365: Copilot Prompt Gallery - Share a prompt to a Microsoft Teams team
🚨 The Signal: Copilot users can now share custom prompts within Microsoft Teams. This increases the discoverability and reuse of prompts, potentially amplifying the risk of prompt injection or data exposure if insecure prompts are shared.
The Impact
All Copilot users are affected: shared prompts increase the risk of prompt injection and sensitive data exposure.
- End Users: Increased risk of prompt injection from untrusted shared prompts.
- Security Teams: New vector for data exfiltration and intellectual property leakage.
- Admins: Need to monitor and govern shared prompts to prevent misuse.
- Compliance Teams: Potential for non-compliance with data handling policies via shared prompts.
The Action
- Review and update existing AI usage policies to specifically address prompt sharing and intellectual property.
- Educate users on secure prompt engineering, data handling, and the risks of sharing sensitive information in prompts.
- Implement data loss prevention (DLP) policies to detect and prevent sensitive data sharing via Copilot outputs or prompt content.
- Monitor Copilot usage logs for unusual prompt sharing patterns or data access attempts.
- Consider implementing a prompt governance framework to approve or curate shared prompts.
Domain: Agentic-AI · Impact: high · Workload: Teams