Microsoft Copilot (Microsoft 365): Engage customers across multiple channels (web, voice, SMS & email)

🚨 The Signal: Microsoft Copilot can now engage customers across web, voice, SMS, and email. This expands the attack surface for AI agents and increases the risk of data exposure and social engineering.

The Impact

Security teams and AI governance teams are affected by the increased risk of data exposure and social engineering through multi-channel AI agent interactions.

  • Security teams face new risks from expanded AI agent communication channels.
  • AI governance teams must update policies for multi-channel agent interactions.
  • Data privacy officers need to assess data handling across new communication vectors.
  • Incident response teams must prepare for potential social engineering via AI agents.

The Action

  1. Review and update AI governance policies to include multi-channel communication guidelines for Copilot agents.
  2. Implement data loss prevention (DLP) policies specifically for Copilot agent interactions across all new channels.
  3. Conduct security awareness training for employees on the risks of social engineering via AI-driven multi-channel communications.
  4. Establish monitoring and auditing mechanisms for Copilot agent interactions on web, voice, SMS, and email.
  5. Define incident response procedures for compromised Copilot agent interactions or data breaches across new channels.

Domain: Agentic-AI · Impact: high · Workload: Other