Microsoft Copilot (Microsoft 365): Surveys Agent helps you build, run, and analyze surveys

🚨 The Signal: A new Copilot agent, 'Surveys Agent,' is available, assisting with survey creation, data collection, and analysis. This introduces a new vector for data handling and potential information disclosure via AI interactions.

The Impact

All users interacting with Copilot are affected, with a moderate security risk due to potential exposure of sensitive survey data through AI processing.

• End users: Risk of inadvertently exposing sensitive survey data to the AI.
• Security teams: Need to monitor data flows and AI interactions for compliance.
• Data owners: Must ensure survey data handled by AI aligns with classification policies.

The Action

1. Review and update data classification policies to include AI agent interactions.
2. Educate users on responsible use of AI agents with sensitive survey data.
3. Monitor Copilot audit logs for unusual data access patterns related to survey activities.

Domain: Agentic-AI · Impact: medium · Workload: Other