Microsoft Copilot (Microsoft 365): Microsoft 365 Copilot App - Ask M365 Copilot

🚨 The Signal: Copilot on Windows PCs can now be invoked via right-click on content, enabling direct AI interaction with local files. This expands the attack surface for data exfiltration and prompt injection, requiring stricter data governance.

The Impact

All users are affected, increasing the risk of sensitive data exposure and prompt injection attacks.

• End Users: Increased risk of inadvertently exposing sensitive data to Copilot.
• Security Teams: New vectors for data exfiltration and prompt injection attacks.
• Data Owners: Greater challenge in maintaining data confidentiality and integrity.
• Compliance Teams: Difficulty in demonstrating adherence to data handling policies.

The Action

1. Review and update Microsoft Purview Data Loss Prevention (DLP) policies to include Copilot interactions.
2. Implement or refine Microsoft Purview Information Protection (MIP) sensitivity labels for all sensitive content.
3. Educate users on responsible Copilot usage, emphasizing data sensitivity and prompt injection risks.
4. Monitor Copilot audit logs for unusual data access patterns or sensitive information processing.
5. Evaluate and configure Copilot data governance settings within the Microsoft 365 admin center.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps