Microsoft Edge: Ask Copilot about an image
🚨 The Signal: Edge Copilot can now analyze web images, sending them to Copilot for insights. This introduces a new vector for data exfiltration and sensitive information exposure if not properly governed.
The Impact
All users are affected, with a high risk of sensitive image data being inadvertently processed by Copilot.
- End users: Risk of unintentionally sending sensitive images to Copilot.
- Security Team: Increased surface area for data exfiltration and compliance violations.
- Admins: New policy controls required to manage data flow to Copilot.
- Organisations: Potential for non-compliance with data handling policies.
The Action
- Review and implement Edge policy 'EdgeEntraCopilotPageContext' to control image analysis.
- Review and implement Edge policy 'Microsoft365CopilotChatIconEnabled' to manage Copilot access.
- Communicate to users about responsible use of Copilot image analysis, especially with sensitive data.
- Update data handling policies to specifically address image processing by AI tools.
Domain: Agentic-AI · Impact: high · Workload: M365 Apps · Essential Eight: User Application Hardening · ISM: ISM-1412, ISM-1485, ISM-1486, ISM-1542, ISM-1585, ISM-1667, ISM-1668, ISM-1669, ISM-1670, ISM-1823, ISM-1824, ISM-1859, ISM-1860