Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

15 Ways to Break Microsoft Copilot Studio - Security Vulnerabilities and Mitigations

Ekoparty Security Conference via YouTube

Overview

Watch a 48-minute security conference talk from Ekoparty 2024 where experts Inbar Raz and Michael Bargury expose critical security vulnerabilities in Microsoft Copilot Studio. Discover how enterprise bots built with this platform can be exploited to leak sensitive data by bypassing Data Loss Prevention (DLP) controls through insecure defaults and over-permissive plugins. Learn about the increased attack surface created when enterprise data and operations are handled by generative AI, particularly through prompt injection attacks. Get introduced to CopilotHunter, a new reconnaissance and exploitation tool that identifies public Copilots and leverages fuzzing and generative AI techniques to extract confidential enterprise information. The presentation includes real findings from scanning thousands of accessible bots, revealing exposed sensitive data and corporate credentials. Conclude with practical guidance on secure configurations, common pitfalls to avoid when using Microsoft's platform, and broader insights for developing secure and reliable Copilot implementations.

Syllabus

15 Ways to Break Your Copilot - Inbar Raz & Michael Bargury - Ekoparty 2024

Taught by

Ekoparty Security Conference

Reviews

Start your review of 15 Ways to Break Microsoft Copilot Studio - Security Vulnerabilities and Mitigations

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.