Microsoft Copilot (Microsoft 365): Employee Self-Service Agent in M365 Copilot
🚨 The Signal: A new Copilot agent provides employee self-service for HR and IT by reading internal knowledge bases and acting on back-end systems. This widens the data and systems Copilot can reach, so anyone who can get text in front of the agent (a crafted prompt, or instructions planted in content the agent retrieves) gains a path to data exfiltration and unauthorized actions via prompt injection.
The Impact
Everyone who uses or administers the agent is exposed to a higher risk of data exposure and unauthorized actions through agent misuse.
- End Users: Sensitive data exposure if crafted prompts bypass the agent's controls.
- Security Teams: A new attack vector for data exfiltration and privilege escalation through the agent, which becomes a confused deputy if its permissions exceed those of the requesting user.
- HR/IT Teams: Unauthorized actions against, or data access to, HR and IT systems of record through agent misuse.
- Compliance Teams: Harder to demonstrate who accessed which data, and which control enforced it, once an agent mediates the access.
The Action
- Review and define data access policies for Copilot agents to HR/IT systems; the agent should act with the requesting user's permissions, not a standing service identity with broad access.
- Implement prompt guidelines and guardrails for agent interactions, but treat them as defence in depth only: instructions in a system prompt do not stop prompt injection, so authorization must be enforced in the tool and data layer the agent calls into.
- Monitor Copilot agent activity logs for unusual data access or action patterns, for example one session reading many other employees' records, or actions whose target is not the requesting user.
- Conduct regular security assessments of agent integrations with systems of record, including prompt-injection testing against the content the agent retrieves.
- Educate users on responsible interaction with AI agents and on reporting suspicious behaviour, such as the agent returning data or taking actions they did not ask for.
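The monitoring step above is the one that turns into code. The block below is an added example, not code from Microsoft or from the original briefing: it runs two detections over a constructed set of agent activity records. The record schema (`user`, `action`, `resource`, `subject`, where `subject` is the employee the record belongs to) is an assumption chosen to keep the example self-contained and is not the real Microsoft 365 audit log format; the sample events themselves are constructed. Rule one flags any access whose subject is not the requesting user (the confused-deputy case for a self-service agent); rule two flags a session that touches many distinct resources inside a short window (an enumeration or bulk-exfiltration pattern).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in an ASSUMED, simplified schema; this is NOT the
# Microsoft 365 unified audit log format. One record = one data access or
# action the agent performed on behalf of a user. "subject" is the employee
# the touched record belongs to (None for shared content such as KB articles).
SAMPLE_EVENTS = [
    # Ordinary self-service: read a KB article, then read your own HR record.
    {"ts": "2024-05-01T09:00:00", "user": "alice", "action": "read",
     "resource": "kb/it/vpn-setup", "subject": None},
    {"ts": "2024-05-01T09:01:00", "user": "alice", "action": "read",
     "resource": "hr/records/alice", "subject": "alice"},
    # Enumeration pattern: bob's session pulls other employees' records quickly.
    {"ts": "2024-05-01T10:00:00", "user": "bob", "action": "read",
     "resource": "hr/records/carol", "subject": "carol"},
    {"ts": "2024-05-01T10:00:20", "user": "bob", "action": "read",
     "resource": "hr/records/dave", "subject": "dave"},
    {"ts": "2024-05-01T10:00:40", "user": "bob", "action": "read",
     "resource": "hr/records/erin", "subject": "erin"},
    {"ts": "2024-05-01T10:01:00", "user": "bob", "action": "read",
     "resource": "hr/records/frank", "subject": "frank"},
    {"ts": "2024-05-01T10:01:20", "user": "bob", "action": "read",
     "resource": "hr/records/grace", "subject": "grace"},
    # Unauthorized action: mallory's session resets someone else's password.
    {"ts": "2024-05-01T11:00:00", "user": "mallory", "action": "reset_password",
     "resource": "it/accounts/alice", "subject": "alice"},
]

# Actions that change state; a mismatch on these is rated higher than a read.
MUTATING_ACTIONS = {"reset_password", "update", "delete", "create"}


def parse_ts(value):
    """Timestamps in the constructed sample are ISO 8601 without a zone."""
    return datetime.fromisoformat(value)


def detect_subject_mismatch(events):
    """Flag every access where the record's subject is not the requesting user.

    Self-service means 'act on your own data'. Anything else means the agent
    reached data or performed an action the user should not have been able to,
    i.e. the agent's permissions exceeded the user's (confused deputy).
    """
    alerts = []
    for e in events:
        if e["subject"] is not None and e["subject"] != e["user"]:
            severity = "high" if e["action"] in MUTATING_ACTIONS else "medium"
            alerts.append({
                "rule": "subject_mismatch", "severity": severity,
                "user": e["user"], "ts": e["ts"],
                "detail": f"{e['action']} on {e['resource']} (subject={e['subject']})",
            })
    return alerts


def detect_burst(events, window=timedelta(minutes=5), threshold=4):
    """Flag a user whose agent session touches >= threshold distinct resources
    within one sliding window. One alert per user, raised at the first crossing;
    window and threshold are tuning knobs, not values taken from any product."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: parse_ts(e["ts"])):
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while parse_ts(evs[end]["ts"]) - parse_ts(evs[start]["ts"]) > window:
                start += 1
            distinct = {x["resource"] for x in evs[start:end + 1]}
            if len(distinct) >= threshold:
                alerts.append({
                    "rule": "access_burst", "severity": "medium",
                    "user": user, "ts": evs[end]["ts"],
                    "detail": f"{len(distinct)} distinct resources within {window}",
                })
                break
    return alerts


def run_detections(events):
    """Run both rules and return alerts ordered by time, then rule name."""
    alerts = detect_subject_mismatch(events) + detect_burst(events)
    return sorted(alerts, key=lambda a: (a["ts"], a["rule"]))


if __name__ == "__main__":
    for a in run_detections(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['rule']}: {a['user']} at {a['ts']} - {a['detail']}")
```

On the constructed sample, alice produces no alerts, bob trips both rules (five subject mismatches plus one burst alert at his fourth record), and mallory's password reset is the single high-severity alert. In a real deployment the subject of each access has to come from the tool call the agent made (the record or account it touched), not from the user's prompt text, or an injected prompt can lie about whose data is being requested.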
Domain: Agentic-AI · Impact: high · Workload: Other