Excel: =COPILOT Function

🚨 The Signal: A new =COPILOT function in Excel allows users to generate, classify, and summarize text and data directly within spreadsheets. This expands AI capabilities in Excel, which increases data handling risks and the potential for sensitive information exposure.

The Impact

All users are affected: the function increases the risk of sensitive data exposure and the potential for prompt injection attacks.

  • End users: Risk of unintentional exposure of sensitive data through AI summaries.
  • Security team: Increased surface area for data exfiltration and prompt injection.
  • Data owners: Potential for AI to process and summarize restricted data without explicit consent.
  • Compliance officers: New challenges in auditing data flows and AI-generated content for compliance.

The Action

  1. Review and enforce Microsoft Purview Data Loss Prevention (DLP) policies for Excel documents.
  2. Educate users on responsible AI usage, data classification, and avoiding sensitive data in prompts.
  3. Monitor Microsoft 365 audit logs for unusual Copilot activity in Excel.
  4. Implement sensitivity labels for Excel documents containing sensitive data.
  5. Assess and update existing data governance policies to include AI-generated content and data handling.
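
For action 3, one way to triage an export of the Microsoft 365 unified audit log (an added example, not part of the original brief and not Microsoft's code). It assumes each input line is a JSON AuditData payload in the CopilotInteraction layout (Operation, UserId, CreationTime, CopilotEventData.AppHost) and that =COPILOT calls are logged under that operation; the "unusual" threshold is a hypothetical starting point and the sample records are constructed.

```python
import json
from collections import Counter
from statistics import median

def _event(user, minute, app="Excel"):
    # Builds one constructed AuditData payload (not real tenant data).
    return json.dumps({
        "CreationTime": f"2025-01-06T09:{minute:02d}:00",
        "UserId": user,
        "Operation": "CopilotInteraction",
        "CopilotEventData": {"AppHost": app},  # field layout assumed, see lead-in
    })

SAMPLE_EXPORT = (
    [_event("alice@example.test", m) for m in range(3)]
    + [_event("bob@example.test", m) for m in range(4)]
    + [_event("bob@example.test", 30, app="Word")]   # other app, ignored
    + [_event("carol@example.test", m) for m in range(40)]
    + ["{truncated export line"]                      # malformed, skipped
)

def excel_copilot_counts(raw_records):
    """Count Excel Copilot interactions per (user, UTC date)."""
    counts = Counter()
    for raw in raw_records:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a damaged line must not abort the whole review
        if not isinstance(rec, dict) or rec.get("Operation") != "CopilotInteraction":
            continue
        data = rec.get("CopilotEventData")
        if not isinstance(data, dict) or str(data.get("AppHost", "")).lower() != "excel":
            continue
        day = str(rec.get("CreationTime", ""))[:10]
        counts[(rec.get("UserId", "<unknown>"), day)] += 1
    return counts

def flag_unusual(counts, factor=3, floor=10):
    """Return user-days above `floor` events and `factor` x the median user-day."""
    if not counts:
        return []
    baseline = median(counts.values())
    return sorted((u, d, n) for (u, d), n in counts.items()
                  if n >= floor and n > factor * baseline)

if __name__ == "__main__":
    for user, day, n in flag_unusual(excel_copilot_counts(SAMPLE_EXPORT)):
        print(f"{day} {user}: {n} Excel Copilot interactions")
```

Tune `factor` and `floor` against a few weeks of your own tenant's baseline before alerting on the output.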

Domain: Agentic-AI · Impact: high · Workload: M365 Apps