< ciso
brief />
Tag Banner

All news with #microsoft copilot tag

56 articles

Microsoft fixes Copilot button disappearance in Outlook

🛠️ Microsoft has resolved an issue that caused the Copilot Chat and Copilot buttons to vanish in Classic Outlook for Windows users with the Copilot Chat (Basic) license. Affected users might have seen the button missing from the top-right ribbon, the left app bar, or More Apps, and some Copilot commands appeared unavailable or unresponsive. The Outlook Team implemented a service change on June 29, 2026, and recommends restarting Outlook or updating to the latest build; workarounds include reverting to the prior Current Channel build or using new Outlook/OWA. The company is also investigating Outlook crashes tied to Kaspersky's Mail Checker module and advises contacting Kaspersky support if impacted.
read more →

Defending AI Memory: Microsoft’s Multi‑Layer Strategy

🔒 Microsoft outlines a defense-in-depth approach to protect AI memory across storage, retrieval, model interaction, and user control. The post explains how memory transforms AI from stateless tool to learning collaborator, increasing attack surface and enabling staged attacks that persist beyond initial prompts. It summarizes protections in M365 Copilot including prompt-injection classifiers, Task Adherence checks, tenant policy controls, unified compliance, and audit logging integrated with Defender and Sentinel.
read more →

SearchLeak shows broader AI prompt injection risk

🔒 A proof-of-concept called SearchLeak demonstrated a prompt injection attack against Microsoft M365 Copilot Enterprise that tricks users into clicking crafted links to exfiltrate corporate data. Researchers combined three weaknesses in Copilot Search — including URL query parameters treated as natural language prompts — to leak sensitive content. Microsoft patched the server-side flaw, but the incident highlights risks when AI services access broad corporate assets and the need for render-time sanitization and stricter CSPs.
read more →

One-click Microsoft 365 Copilot SearchLeak flaw

🔎 Researchers at Varonis chained three bugs into a one-click exfiltration path dubbed SearchLeak that could have pulled emails, calendar entries, and indexed files from Microsoft 365 Copilot Enterprise Search. Because the malicious link used a legitimate microsoft.com domain, URL filters and anti-phishing tools were unlikely to block it. Microsoft assigned CVE-2026-42824, mitigated the issue on its backend, and Varonis released a proof-of-concept without observed exploitation.
read more →

Critical SearchLeak flaw in Microsoft 365 Copilot

🔒 Microsoft fixed a critical vulnerability chain named SearchLeak in Microsoft 365 Copilot Enterprise that could let attackers exfiltrate mailbox, OneDrive, and SharePoint data via a single crafted URL. Researchers at Varonis chained a parameter-to-prompt injection, an HTML rendering race condition, and a Bing SSRF-based CSP bypass to make Copilot fetch and leak sensitive content. The issue was addressed as CVE-2026-42824 and requires no user action now that Microsoft patched it.
read more →

Reconstructing AI activity for investigations

🔍 Microsoft outlines a structured approach to investigate AI interactions across Microsoft 365 Copilot and Azure AI services, emphasizing telemetry from Purview, Defender, and Sentinel. The new investigator playbook follows a scope–context–signal methodology to identify who interacted with AI systems, what resources were accessed, and when events occurred. It operationalizes detection logic, KQL queries, and schema references to help response teams build coherent investigative narratives and assess impact.
read more →

Threat actors exploit AI branding in social engineering

🛡️ Microsoft Threat Intelligence describes campaigns that impersonate popular AI platforms such as ChatGPT, Copilot, and Claude to lure victims via phishing, malvertising, and SEO abuse. These operations use trusted branding, redirect chains, and urgency-driven messaging to steal credentials, commit fraud, or deliver malware. The blog emphasizes abuse of brand names rather than service compromise and recommends leveraging AI-powered security for detection and response.
read more →

How to disable AI features across major platforms

🛡️ This article provides practical, step-by-step tactics for detecting and disabling built-in AI features in popular enterprise platforms including Microsoft Copilot, Google Gemini, Chrome, and Apple Intelligence. It covers detection via logs and admin consoles, recommended policy settings in Microsoft 365, Group Policy, Chrome Enterprise, Google Workspace, and MDM profiles for Apple, plus network-level blocks and caveats about potential feature breakage. The guidance emphasizes granular controls, SKU management, and layered protections such as NGFW/web-filter rules and application control.
read more →

LayerX Report Reveals Concentrated Enterprise AI Risk

🔍 The LayerX Security State of AI Usage Report 2026 finds enterprise AI risk is concentrated among a small set of power users and a few dominant platforms, while usage fragments across personal accounts, browser extensions, embedded copilots, and connectors. The study shows ChatGPT still dominates conversations, Copilot M365 is growing, and consumer AI like Gemini is often used via personal accounts. Shadow AI now spans a long tail of under-the-radar tools and extensions that evade corporate visibility and governance.
read more →

Microsoft adds agentic AI to Edge for Business

🧭 Microsoft is piloting agentic AI in Edge for Business to streamline multi-step workflows like form-filling, site navigation, and cross-tab data gathering. A limited preview introduces a unified new-tab experience with calendar entries, files, and Copilot prompts to reduce context-switching. Enterprises can enforce data protections—blocking copy/paste, keeping prompts and responses inside their Microsoft 365 tenant, and auditing or blocking sensitive uploads. The features integrate with Purview to detect and prevent policy violations when users sign into Edge for Business.
read more →

Microsoft and SAP Advance Enterprise AI on Azure, Sapphire

🚀 At SAP Sapphire 2026, Microsoft and SAP announced expanded integrations to embed AI across SAP applications on Azure, emphasizing Microsoft IQ as a shared intelligence layer and agent-to-agent capabilities between Copilot and Joule. The updates include bi-directional, zero-copy delta sharing with SAP Business Data Cloud and Microsoft Fabric, sovereign cloud expansions, and an enlarged RISE with SAP acceleration program. These developments aim to move enterprises from experimentation to production-ready, governed AI at scale.
read more →

Microsoft Security: New Agent 365 and Defender Integrations

🔒 Microsoft previewed new Microsoft Defender capabilities within the Agent 365 tooling gateway to give security teams near real-time visibility and control over agentic workflows, using webhook-based evaluation to detect, block, and investigate anomalous agent actions before execution. Separately, Microsoft Defender for Cloud now integrates with GitHub Advanced Security generally available to map code changes to production, prioritize alerts using runtime context, and enable coordinated remediation. A hands-on Microsoft Purview demo demonstrates AI-powered data security investigations across the data estate.
read more →

Admins Can Now Uninstall Copilot from Windows 11 Enterprise

🛠️ Microsoft now allows IT administrators to uninstall the AI-powered Microsoft Copilot app from managed enterprise devices using the new RemoveMicrosoftCopilotApp policy setting, broadly available after the April 2026 Patch Tuesday. The setting is provided as a Policy CSP and Group Policy for endpoints managed via Microsoft Intune or SCCM, and applies only to Windows 11 25H2 devices where both Microsoft 365 Copilot and Microsoft Copilot are installed, the user did not install the Copilot app, and it has not been launched in the last 28 days. If enabled, the app will be uninstalled in a non-disruptive way; users can still re-install it if they choose.
read more →

Copilot and Agentforce Vulnerable to Prompt Injection

🔐 Capsule Security researchers discovered prompt-injection flaws in Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to inject malicious instructions via standard input fields. In Copilot, a crafted payload in a SharePoint form field can overwrite agent instructions and exfiltrate SharePoint data; Microsoft has released a patch (CVE-2026-21520). In Agentforce, attackers can embed directives in public lead forms that an agent with email or query capabilities may execute, enabling broad CRM data leakage.
read more →

Prompt-Injection Flaws in Copilot Studio and Agentforce

⚠️ Security researchers at Capsule Security disclosed prompt-injection vulnerabilities in Microsoft Copilot Studio and Salesforce Agentforce that let attackers embed malicious instructions in public form fields. Crafted inputs submitted via SharePoint or lead forms can override agent instructions and trigger data exfiltration to attacker-controlled endpoints. Microsoft patched the SharePoint-related issue (CVE-2026-21520) with a 7.5 CVSS score; Salesforce acknowledged the problem but described the vector as configuration-specific. Researchers warn that treating external inputs as trusted undermines autonomous agent security and urge input validation, least-privilege, and stricter outbound controls.
read more →

Addressing the OWASP Top 10 Risks in Agentic AI with Copilot

🔐 This post summarizes the OWASP Top 10 for Agentic Applications (2026) and explains how Microsoft applies practical mitigations using Copilot Studio and Agent 365. It highlights that agentic systems merge application, identity, and data risk and can act autonomously across workflows, amplifying the consequences of failures. The article lists ten failure modes — including goal hijack, tool misuse, identity abuse, memory poisoning, and rogue agents — and outlines development and operational controls such as containment, scoped permissions, observability, and lifecycle governance to reduce exploitation and cascading impact.
read more →

Paid AI Accounts Now a Hot Underground Commodity Market

🤖 Flare's analysis of hundreds of fraud-forum posts finds premium AI subscriptions (including ChatGPT, Claude, and Microsoft Copilot) are widely advertised, bundled, and resold in underground markets. Listings tout discounted subscriptions, multi-service bundles, API keys, and claims of reduced restrictions. Patterns point to exposed keys, credential theft, large-scale account creation, trial abuse, and shared subscriptions fueling the trade, increasing operational and data risk for organizations.
read more →

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0‑Days, AI Flaws

🛡️ This ThreatsDay round-up highlights critical developments including a patched OpenSSL CMS stack buffer overflow (CVE-2025-15467), multiple Foxit/Apryse PDF engine vulnerabilities, and a Microsoft 365 Copilot DLP bypass that allowed summarization of confidential drafts and Sent Items until a Feb 3, 2026 fix. The bulletin also details LockBit 5.0's cross-platform evolution, macOS social-engineering and stealer campaigns, widespread RMM abuse, and active exploitation of Ivanti EPMM flaws. Defenders should prioritize patching, audit cloud and RMM exposures, rotate credentials, and avoid using LLMs to generate secrets.
read more →

Grok and Copilot Can Be Abused as Covert C2 Channels

⚠️ Check Point Research warns attackers can misuse web-based AI assistants such as Grok and Microsoft Copilot to create covert, bidirectional command-and-control channels. By abusing built-in web-browsing and URL-fetch capabilities, malware can instruct an AI web interface to retrieve content from attacker-controlled URLs and return embedded commands without requiring API keys or authenticated accounts. Because many organizations treat AI domains as trusted outbound traffic and apply limited inspection, these C2 flows can blend into routine HTTPS sessions and evade traditional network controls.
read more →

AI platforms can be abused for stealthy malware communication

🛡️ Researchers at Check Point demonstrated that AI assistants with web browsing and URL-fetching capabilities can be abused as intermediaries for stealthy command-and-control (C2) communication. In their proof-of-concept, malware used Windows WebView2 to load AI services such as Grok and Microsoft Copilot, fetching attacker-controlled URLs whose content the assistant returned and the malware parsed for instructions. Because the PoC required no account or API keys, this relay can blend into trusted traffic and complicate network-level blocking and attribution; platform safeguards exist but can be evaded through obfuscation.
read more →