_Brain_light_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop)
August 7, 2024 at 02:27PM
Enterprise usage of Microsoft’s Copilot Studio, a no-code chatbot creation tool, has surged within nine months of its release. However, security researcher Michael Bargury highlighted serious security vulnerabilities that could lead to data exfiltration and bypassing controls. Despite Microsoft addressing some issues, careful implementation and admin controls are essential to protect organizations.
Key takeaways from the meeting notes:
1. Enterprise usage of Microsoft’s Copilot Studio has significantly increased since its launch less than nine months ago.
2. Security researcher Michael Bargury highlighted the ease with which developers could inadvertently create Copilots that pose security risks, such as data exfiltration and bypassing policies.
3. The Copilot Creation tool, available to all users of the Microsoft 365 productivity suite, has facilitated the creation of AI assistants for workflow automation and more efficient meetings.
4. Chairman and CEO Satya Nadella reported a 60% growth in Copilot usage and a 70% increase in organizations using Copilot Studio, with notable customers including Carnival, Cognizant, Eaton, KPMG, Majesco, and McKinsey.
5. Initial security flaws were identified in the default settings of Copilot bots, leading to public accessibility without authentication and the potential for impersonation of users.
6. Microsoft has addressed the identified security issues and introduced new admin controls to prevent the inadvertent creation of insecure bot actions and sharing publicly.
7. The balance between productivity and security is a concern for Microsoft, with efforts focused on providing admins more control while driving growth and adoption of Copilot Studio.
8. Bargury presented CopilotHunter, a new module for the Power Pwn security tool set, designed to scan for open Copilot Studio bots and access the data behind them.
9. Bargury identified 15 security issues with Copilot Security, including unreliable and untrusted input, data leakage, oversharing sensitive data, unexpected execution paths, and more.
Overall, the meeting notes highlight the rapid adoption of Copilot Studio, the associated security challenges, and the efforts made by Microsoft to address these issues and enhance the platform’s security features.