Source: Microsoft Security Blog
Author: Microsoft Defender Security Research Team
URL: https://www.microsoft.com/en-us/security/blog/2026/02/12/copilot-studio-agent-security-top-10-risks-detect-prevent/
Detecting and mitigating common agent misconfigurations
ONE SENTENCE SUMMARY:
Agent misconfigurations in Copilot Studio create hidden access paths; use Defender hunting queries and governance controls to detect, mitigate.
MAIN POINTS:
- Rapid agent adoption increases exposure from mis-sharing, unsafe orchestration, and weak authentication.
- Broad organizational sharing expands attack surface and enables unintended sensitive actions.
- Unauthenticated agents become public entry points enabling unauthorized access and data leakage.
- Risky HTTP Request actions bypass connector governance, enabling insecure endpoints and privilege escalation.
- Email actions with AI-controlled inputs can enable prompt-injection-driven data exfiltration.
- Dormant agents, actions, and connections create forgotten attack surface with stale privileged access.
- Author (maker) authentication enables privilege escalation by running under creator permissions.
- Hardcoded credentials in topics/actions cause secret leakage and uncontrolled reuse.
- MCP tools can introduce undocumented integrations and unintended system interactions without oversight.
- Generative orchestration without instructions increases drift, prompt abuse, and unsafe action selection.
TAKEAWAYS:
- Run Microsoft Defender Advanced Hunting “AI Agents” community queries to surface misconfigurations early.
- Enforce Entra ID authentication and restrict sharing using Managed Environments and environment strategy.
- Prefer governed connectors over raw HTTP; apply data/advanced connector policies and enforce HTTPS.
- Reduce exfiltration paths by controlling email actions, adding runtime protection, and requiring human approvals.
- Establish lifecycle governance: inventory reviews, active ownership, deprecation/quarantine, and Key Vault-backed secrets.