Microsoft Edge: v.144 - Contextual nudges on address bar offering help summarizing webpages.
🚨 The Signal: Microsoft Edge will offer Copilot-powered webpage summaries directly from the address bar. This introduces a new vector for data exposure and potential prompt injection, impacting data governance and information protection policies.
The Impact
All users face potential sensitive data exposure and prompt injection risk when summarizing web content.
- End Users: Risk of inadvertently exposing sensitive data to Copilot via webpage summaries.
- Security Teams: Increased surface area for data exfiltration and prompt injection attacks.
- Data Owners: Potential for sensitive information to be processed by Copilot without explicit consent or classification.
- Compliance Teams: New challenges in maintaining data sovereignty and compliance with information handling policies.
The Action
- Review and update Microsoft Purview Data Loss Prevention (DLP) policies to monitor Copilot interactions.
- Educate users on the risks of summarizing sensitive information with Copilot and best practices for data handling.
- Where necessary, apply Microsoft Edge policies via Intune or Group Policy to control Copilot features.
- Monitor Microsoft 365 audit logs for unusual Copilot activity related to data summarization.
- Assess existing data classification and labelling policies for applicability to Copilot-generated summaries.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860