Microsoft Copilot (Microsoft 365): Add custom insights to record summaries in Sales agent
🚨 The Signal: Copilot's Sales agent can now integrate custom data from non-CRM systems into account and opportunity summaries. This expands the data accessible to AI agents, increasing potential for data exposure and prompt injection risks.
The Impact
Sales teams using Copilot are affected, with a heightened risk of sensitive data exposure and prompt injection due to expanded data integration.
- Sales users: Increased exposure to potentially sensitive data from disparate systems.
- Security teams: New vectors for prompt injection attacks via integrated custom data.
- Data owners: Broader data sharing with AI agents requires re-assessment of data classification.
- Compliance officers: Expanded data scope necessitates review of data handling and retention policies.
The Action
- Review and classify all data sources integrated with Copilot Sales agent for sensitivity.
- Implement strict data loss prevention (DLP) policies for Copilot interactions with custom data.
- Educate sales users on secure prompting practices and data handling within Copilot.
- Regularly audit Copilot agent interactions and data access logs for anomalies.
- Assess and update existing data governance policies to cover new Copilot data integrations.
Domain: Agentic-AI · Impact: high · Workload: Other