Microsoft Edge: Microsoft 365 Copilot Chat Summarization in Edge for Business Context Menu
🚨 The Signal: Edge for Business now offers Copilot Chat summarization in the context menu, allowing users to quickly summarise and query open web pages. This introduces new avenues for data exposure and potential prompt injection.
The Impact
All users are affected. Browser-based AI summarization increases the risk of sensitive information exposure and prompt injection attacks.
- End-users face increased risk of inadvertently exposing sensitive data to Copilot.
- Security teams must monitor for new data exfiltration vectors via browser AI.
- Admins need to review browser policies to control Copilot's data access.
- Organisations face heightened risk of prompt injection attacks via web content.
The Action
- Review Microsoft Edge browser policies for Copilot integration and data sharing settings.
- Implement or update Data Loss Prevention (DLP) policies to monitor data shared with Copilot via Edge.
- Educate users on responsible use of AI summarization, emphasising that they should not input sensitive data.
- Assess existing AI governance frameworks for browser-based AI interactions and data handling.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860