Microsoft Copilot (Microsoft 365): Copilot Prompt Gallery - Share a prompt with a co-worker

🚨 The Signal: Copilot users can now share prompts, increasing collaboration but also the risk of sensitive data exposure or prompt injection if not properly governed. This impacts data handling and AI governance.

The Impact

All Copilot users are affected, increasing the risk of inadvertent sensitive data exposure and malicious prompt injection.

• End Users: Risk of accidentally sharing sensitive data within prompts.
• Security Team: Increased surface area for prompt injection attacks.
• Admins: Need to monitor and potentially restrict prompt sharing capabilities.
• Compliance Officers: New data handling considerations for AI interactions.

The Action

1. Review and update existing Copilot data governance policies to include prompt sharing.
2. Educate end-users on best practices for prompt creation and sharing, emphasizing data sensitivity.
3. Implement data loss prevention (DLP) policies to detect and prevent sensitive information in prompts.
4. Monitor Copilot usage logs for unusual prompt sharing patterns or content.
5. Evaluate Microsoft Purview capabilities for governing Copilot interactions and shared content.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps