Is your organisation making confidential data public via 'open' Copilot Agents?

Here's a fascinating post from cybersecurity researcher Dor Attias who, writing on Medium, describes how he and his colleagues systematically extracted confidential data from Copilot Studio deployments.

Dor's approach exploits no weakness in Microsoft's security; it relies on the equivalent of leaving the key in the door: agents published where anyone can reach them, with no authentication in front of them.

If you're responsible for cybersecurity (or something like it) and your colleagues are busy building an agentic future by deploying Copilot agents, do read Dor's post (the first in a series).

Dor explains how he and his colleagues were able to systematically hunt for publicly available Copilot Studio agents and then query them. In the screenshots in his post, you can see one agent readily answering questions about a multi-billion-dollar organisation's financial records.

This is, as the phrase goes, less than ideal, especially if you're in charge of cybersecurity and data confidentiality.

Here's Dor's call to action:

Review all agents across all platforms, including Copilot Studio.
Ensure proper configuration for each agent.
Enable authentication for agents that should not be exposed.
Verify that agents meant to be exposed are not connected to overly sensitive data.
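As an added illustration (not code from Dor's post, nor Microsoft's), here is a Python check that turns those four points into something you can run against an inventory of your agents: it flags agents reachable from the web with authentication switched off, agents that are meant to be public but are grounded on internal data, and unpublished agents whose authentication is already off. The inventory shape, the agent names and URLs, and the list of "sensitive" source kinds are this script's own assumptions; the authentication labels and channel names are the ones Copilot Studio shows in an agent's Settings.

```python
"""Audit an inventory of Copilot Studio agents for the two exposures the post
describes: agents anyone on the internet can query because authentication is
switched off, and agents that are meant to be public but are grounded on
internal data sources. Constructed example; not the post's or Microsoft's code.
"""

# Labels as shown in Copilot Studio under Settings > Security > Authentication.
NO_AUTH = "No authentication"

# Channels that answer to anyone holding the URL, with no organisational sign-in.
PUBLIC_CHANNELS = {"Demo website", "Custom website"}

# Knowledge-source kinds that normally hold internal data. Assumption for this
# example: everything except public web search counts as sensitive.
SENSITIVE_SOURCE_KINDS = {"sharepoint", "dataverse", "file", "onedrive"}

# Constructed inventory in this script's own shape (names and URLs are made up).
# In practice assemble it per environment from each agent's authentication,
# channel and knowledge settings.
SAMPLE_INVENTORY = [
    {"name": "Finance Q&A", "environment": "Prod",
     "authentication": NO_AUTH, "published": True,
     "channels": ["Demo website"],
     "knowledge": ["sharepoint:https://contoso.sharepoint.com/sites/finance"],
     "intended_public": False},
    {"name": "Store Locator", "environment": "Prod",
     "authentication": NO_AUTH, "published": True,
     "channels": ["Custom website"],
     "knowledge": ["web:https://www.contoso.com/stores"],
     "intended_public": True},
    {"name": "Product FAQ", "environment": "Prod",
     "authentication": NO_AUTH, "published": True,
     "channels": ["Custom website"],
     "knowledge": ["web:https://www.contoso.com/support",
                   "sharepoint:https://contoso.sharepoint.com/sites/sales-internal"],
     "intended_public": True},
    {"name": "IT Helpdesk", "environment": "Prod",
     "authentication": "Authenticate with Microsoft", "published": True,
     "channels": ["Microsoft Teams"],
     "knowledge": ["sharepoint:https://contoso.sharepoint.com/sites/it"],
     "intended_public": False},
    {"name": "Onboarding (draft)", "environment": "Dev",
     "authentication": NO_AUTH, "published": False,
     "channels": [],
     "knowledge": ["sharepoint:https://contoso.sharepoint.com/sites/hr"],
     "intended_public": False},
]


def sensitive_sources(agent):
    """Knowledge sources whose kind (the prefix before ':') is on the sensitive list."""
    return [s for s in agent["knowledge"]
            if s.split(":", 1)[0].lower() in SENSITIVE_SOURCE_KINDS]


def audit_agent(agent):
    """Return findings for one agent as (code, detail) pairs; empty when clean."""
    findings = []
    no_auth = agent["authentication"] == NO_AUTH
    public_channels = sorted(set(agent["channels"]) & PUBLIC_CHANNELS)
    reachable = agent["published"] and bool(public_channels) and no_auth
    sensitive = sensitive_sources(agent)

    if reachable and not agent["intended_public"]:
        # The 'key in the door': anyone who finds the URL can ask it questions,
        # and its knowledge sources decide what it will tell them.
        findings.append(("EXPOSED_NO_AUTH",
                         f"published to {public_channels} without authentication; "
                         f"knowledge: {agent['knowledge']}"))
    if reachable and agent["intended_public"] and sensitive:
        # Deliberately public, but grounded on internal data it can repeat.
        findings.append(("PUBLIC_WITH_SENSITIVE_KNOWLEDGE",
                         f"public agent grounded on {sensitive}"))
    if no_auth and not reachable and not agent["intended_public"]:
        # Not exposed yet, but the next publish to a web channel would expose it.
        findings.append(("NO_AUTH_CONFIGURED",
                         "authentication is off; becomes queryable once published"))
    return findings


def audit(inventory):
    """Map each agent name to its findings (empty list for clean agents)."""
    return {agent["name"]: audit_agent(agent) for agent in inventory}


def print_report(inventory):
    for name, findings in audit(inventory).items():
        status = "OK" if not findings else ", ".join(code for code, _ in findings)
        print(f"{name:20} {status}")
        for _, detail in findings:
            print(f"{'':20}  - {detail}")


if __name__ == "__main__":
    print_report(SAMPLE_INVENTORY)
```

Run it as a scheduled job against a freshly exported inventory rather than once: the fourth bullet above only holds while nobody adds a new knowledge source to a public agent, and the "NO_AUTH_CONFIGURED" finding is there so a draft does not become tomorrow's exposure the moment someone publishes it.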

If I were in my previous executive positions, I would be doing this today, and then I'd be making sure it's something we're constantly checking for.

Dor's last call to action? A handy service that he and his team have built:

We’ve built a tool that lets you scan your organization's Copilot Studio from the outside. Check it out! http://uncoveragent.com