Microsoft Copilot (Microsoft 365): Use Agent 365 agents within Microsoft 365 Copilot Chat and Declarative Agents

🚨 The Signal: Agent 365 agents can now connect with Microsoft 365 Copilot Chat and Copilot Studio agents. This expands AI agent capabilities but introduces new attack surfaces for data exfiltration and unauthorised actions via agent-to-agent communication.

The Impact

Security teams and administrators are affected by new risks from interconnected AI agents, including data exposure and privilege escalation.

  • Security teams face new risks from agent-to-agent communication.
  • Administrators must manage expanded agent permissions and data access.
  • Users could inadvertently trigger unintended agent actions or data flows.
  • Organisations must reassess data governance for interconnected AI agents.

The Action

  1. Review and update Agent 365 agent permissions and data access policies in Microsoft 365 Admin Center.
  2. Implement strict data loss prevention (DLP) policies for agent-generated content and agent-to-agent communications.
  3. Establish a clear governance framework for Agent 365 and Copilot Studio agent interactions, including approval workflows.
  4. Monitor agent activity logs for unusual or unauthorised agent-to-agent communications and data access patterns.
  5. Educate users and developers on secure agent development and interaction best practices to prevent prompt injection and privilege escalation.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898