Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
A Black Hat conference talk that exposes security vulnerabilities in Microsoft Copilot Studio, the platform powering Microsoft's copilots and custom enterprise bots. Discover how these bots can be exploited to exfiltrate sensitive enterprise data by bypassing security controls like DLP through insecure defaults, overly permissive plugins, and design flaws. Learn how Copilot Studio's integration with GenAI expands the prompt injection attack surface, significantly impacting data integrity and confidentiality. The presenters introduce CopilotHunter, a recon and exploitation tool that scans for publicly accessible Copilots and leverages fuzzing and GenAI to extract sensitive enterprise data. The talk concludes with practical guidance on secure configurations and common mistakes to avoid when building copilots, both on Microsoft's platform and in general. Presented by Michael Bargury, CTO of Zenity, and Avishai Efrati, Senior Security Researcher at Zenity.
