
All news with #microsoft copilot tag

47 articles

Microsoft adds agentic AI to Edge for Business

🧭 Microsoft is piloting agentic AI in Edge for Business to streamline multi-step workflows like form-filling, site navigation, and cross-tab data gathering. A limited preview introduces a unified new-tab experience with calendar entries, files, and Copilot prompts to reduce context-switching. Enterprises can enforce data protections—blocking copy/paste, keeping prompts and responses inside their Microsoft 365 tenant, and auditing or blocking sensitive uploads. The features integrate with Purview to detect and prevent policy violations when users sign into Edge for Business.

Microsoft and SAP Advance Enterprise AI on Azure, Sapphire

🚀 At SAP Sapphire 2026, Microsoft and SAP announced expanded integrations to embed AI across SAP applications on Azure, emphasizing Microsoft IQ as a shared intelligence layer and agent-to-agent capabilities between Copilot and Joule. The updates include bi-directional, zero-copy delta sharing with SAP Business Data Cloud and Microsoft Fabric, sovereign cloud expansions, and an enlarged RISE with SAP acceleration program. These developments aim to move enterprises from experimentation to production-ready, governed AI at scale.

Microsoft Security: New Agent 365 and Defender Integrations

🔒 Microsoft previewed new Microsoft Defender capabilities within the Agent 365 tooling gateway to give security teams near real-time visibility and control over agentic workflows, using webhook-based evaluation to detect, block, and investigate anomalous agent actions before execution. Separately, the integration of Microsoft Defender for Cloud with GitHub Advanced Security is now generally available, mapping code changes to production, prioritizing alerts using runtime context, and enabling coordinated remediation. A hands-on Microsoft Purview demo demonstrates AI-powered data security investigations across the data estate.

Admins Can Now Uninstall Copilot from Windows 11 Enterprise

πŸ› οΈ Microsoft now allows IT administrators to uninstall the AI-powered Microsoft Copilot app from managed enterprise devices using the new RemoveMicrosoftCopilotApp policy setting, broadly available after the April 2026 Patch Tuesday. The setting is provided as a Policy CSP and Group Policy for endpoints managed via Microsoft Intune or SCCM, and applies only to Windows 11 25H2 devices where both Microsoft 365 Copilot and Microsoft Copilot are installed, the user did not install the Copilot app, and it has not been launched in the last 28 days. If enabled, the app will be uninstalled in a non-disruptive way; users can still re-install it if they choose.

Copilot and Agentforce Vulnerable to Prompt Injection

πŸ” Capsule Security researchers discovered prompt-injection flaws in Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to inject malicious instructions via standard input fields. In Copilot, a crafted payload in a SharePoint form field can overwrite agent instructions and exfiltrate SharePoint data; Microsoft has released a patch (CVE-2026-21520). In Agentforce, attackers can embed directives in public lead forms that an agent with email or query capabilities may execute, enabling broad CRM data leakage.

Prompt-Injection Flaws in Copilot Studio and Agentforce

⚠️ Security researchers at Capsule Security disclosed prompt-injection vulnerabilities in Microsoft Copilot Studio and Salesforce Agentforce that let attackers embed malicious instructions in public form fields. Crafted inputs submitted via SharePoint or lead forms can override agent instructions and trigger data exfiltration to attacker-controlled endpoints. Microsoft patched the SharePoint-related issue (CVE-2026-21520) with a 7.5 CVSS score; Salesforce acknowledged the problem but described the vector as configuration-specific. Researchers warn that treating external inputs as trusted undermines autonomous agent security and urge input validation, least-privilege, and stricter outbound controls.

Addressing the OWASP Top 10 Risks in Agentic AI with Copilot

πŸ” This post summarizes the OWASP Top 10 for Agentic Applications (2026) and explains how Microsoft applies practical mitigations using Copilot Studio and Agent 365. It highlights that agentic systems merge application, identity, and data risk and can act autonomously across workflows, amplifying the consequences of failures. The article lists ten failure modes β€” including goal hijack, tool misuse, identity abuse, memory poisoning, and rogue agents β€” and outlines development and operational controls such as containment, scoped permissions, observability, and lifecycle governance to reduce exploitation and cascading impact.

Paid AI Accounts Now a Hot Underground Commodity Market

🤖 Flare's analysis of hundreds of fraud-forum posts finds premium AI subscriptions (including ChatGPT, Claude, and Microsoft Copilot) are widely advertised, bundled, and resold in underground markets. Listings tout discounted subscriptions, multi-service bundles, API keys, and claims of reduced restrictions. Patterns point to exposed keys, credential theft, large-scale account creation, trial abuse, and shared subscriptions fueling the trade, increasing operational and data risk for organizations.

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, AI Flaws

πŸ›‘οΈ This ThreatsDay round-up highlights critical developments including a patched OpenSSL CMS stack buffer overflow (CVE-2025-15467), multiple Foxit/Apryse PDF engine vulnerabilities, and a Microsoft 365 Copilot DLP bypass that allowed summarization of confidential drafts and Sent Items until a Feb 3, 2026 fix. The bulletin also details LockBit 5.0's cross-platform evolution, macOS social-engineering and stealer campaigns, widespread RMM abuse, and active exploitation of Ivanti EPMM flaws. Defenders should prioritize patching, audit cloud and RMM exposures, rotate credentials, and avoid using LLMs to generate secrets.

Grok and Copilot Can Be Abused as Covert C2 Channels

⚠️ Check Point Research warns attackers can misuse web-based AI assistants such as Grok and Microsoft Copilot to create covert, bidirectional command-and-control channels. By abusing built-in web-browsing and URL-fetch capabilities, malware can instruct an AI web interface to retrieve content from attacker-controlled URLs and return embedded commands without requiring API keys or authenticated accounts. Because many organizations treat AI domains as trusted outbound traffic and apply limited inspection, these C2 flows can blend into routine HTTPS sessions and evade traditional network controls.

AI platforms can be abused for stealthy malware communication

πŸ›‘οΈ Researchers at Check Point demonstrated that AI assistants with web browsing and URL-fetching capabilities can be abused as intermediaries for stealthy command-and-control (C2) communication. In their proof-of-concept, malware used Windows WebView2 to load AI services such as Grok and Microsoft Copilot, fetching attacker-controlled URLs whose content the assistant returned and the malware parsed for instructions. Because the PoC required no account or API keys, this relay can blend into trusted traffic and complicate network-level blocking and attribution; platform safeguards exist but can be evaded through obfuscation.

AI Assistants Exploited as Covert C2 Relay Channels

πŸ›‘οΈ AI assistants with web-browsing features can be abused as covert command-and-control (C2) relays. Check Point Research found that platforms such as Grok and Microsoft Copilot can be prompted to fetch attacker-controlled URLs and return embedded instructions, effectively acting as a proxy without requiring an API key or account. Attackers can tunnel encoded data via URL parameters and receive commands in the assistant's summary, disguising malicious traffic as routine AI usage.

Microsoft: Copilot Bug Summarizes Confidential Emails

⚠️ Microsoft says a bug in Microsoft 365 Copilot has been summarizing confidential emails since late January, bypassing organizations' configured data loss prevention (DLP) safeguards. The flaw affected the Copilot 'work tab' chat and improperly read messages stored in Sent Items and Drafts, including those with sensitivity labels intended to block automated processing. Microsoft attributes the behavior to a code error, began rolling out a fix in early February, and is monitoring deployment while contacting a subset of impacted users. The company has not yet disclosed the full scope or number of affected organizations and has flagged the incident as an advisory.

Researchers Find Copilot and Grok Can Be Used as C2 Proxies

⚠️ Microsoft Copilot and xAI Grok can be abused as stealthy command-and-control relays by exploiting their web-browsing and URL-fetch features, a technique Check Point calls AI as a C2 proxy. In demonstrations, implanted malware issues crafted prompts that cause the AI agent to fetch attacker-controlled URLs and return executable responses, creating a bidirectional channel without requiring API keys or registered accounts. The method enables dynamic code generation, reconnaissance and evasion, and can blend malicious traffic into legitimate enterprise communications, complicating detection and response.

Copilot Studio Agent Security: Top 10 Detectable Risks

🔒 The Microsoft Defender Security Research Team describes the top 10 misconfigurations that make Copilot Studio agents risky across enterprises. The post explains how small choices—broad sharing, weak authentication, raw HTTP calls, hard-coded secrets, orphaned agents, and unconstrained orchestration—create exploitable paths. It includes Advanced Hunting Community Queries to detect these issues and a short mitigation checklist to reduce exposure. The guidance stresses treating agents as production assets with lifecycle governance and least-privilege controls.

Microsoft at RSAC 2026: Securing the Agentic AI Era

🔒 Join Microsoft at RSAC 2026 (March 22–26) to learn how AI agents are reshaping both opportunity and risk and what defenders must do next. Microsoft previews its vision for Ambient and Autonomous Security and highlights solutions like Agent 365 that deliver observability and protection across the AI stack. Attend Microsoft Pre-Day keynotes, executive roundtables, booth demos, and hands-on experiences to get practical guidance, product demos, and partner insights.

Microsoft brings AI to Notepad and Paint on Windows

🧰 Microsoft is rolling out AI enhancements to Notepad and Paint for Windows 11 Insiders in the Canary and Dev channels. Notepad now streams AI-generated previews for Write, Rewrite, and Summarize and adds expanded Markdown formatting and a welcome screen to surface new features. Paint introduces an AI-powered Coloring Book for Copilot+ PCs and a fill tolerance slider for finer control. Both features require Microsoft account sign-in and can be disabled or uninstalled.

Reprompt: One-click exfiltration via Microsoft Copilot

πŸ” Researchers at Varonis Threat Labs uncovered 'Reprompt', a one-click attack that abuses Microsoft Copilot Personal by embedding prompts in URLs and using follow-up server requests to exfiltrate data. It combines a URL 'q' parameter injection, a double-request bypass of initial sanitization, and chained server instructions to siphon conversation history and files without further user interaction. Microsoft issued a patch; organizations should treat prefilled prompts as untrusted and enforce continuous authentication, least privilege, prompt hygiene, auditing, and anomaly detection.

Reprompt attack: single-click data exfiltration from Copilot

🔒 Cybersecurity researchers disclosed a novel method called Reprompt that can enable single-click data exfiltration from AI chatbots, notably Microsoft Copilot, while bypassing typical enterprise controls. The technique exploits the Copilot q URL parameter to inject instructions from a link, then uses repeated requests and a remote attacker server to continue covert fetching and return of sensitive data with no further user interaction. Microsoft says it addressed the issue and that Microsoft 365 Copilot enterprise customers are not affected, but researchers warn the approach turns Copilot into an invisible exfiltration channel.

Reprompt Attack Could Hijack Microsoft Copilot Sessions

⚠️ Security researchers at Varonis disclosed a vulnerability, dubbed Reprompt, that could let attackers hijack a user's Copilot Personal session by embedding malicious instructions in a URL. The attack leverages the 'q' URL parameter to inject prompts that execute when the page loads, then uses chained server-side follow-up requests to maintain access and exfiltrate data after a single click. Varonis reported the issue to Microsoft on August 31, and Microsoft issued a fix on the January 2026 Patch Tuesday; users should apply the latest Windows update promptly.