The advent and widespread acceptance of Large Language Models (LLMs), such as Microsoft Copilot, by organizations and even average consumers has created another surface threat area that cybersecurity teams must come to understand. To help with this process, Trustwave SpiderLabs conducted a Red Team exercise against a licensed version of Microsoft Copilot.

What is DSPM? Data Security Posture Management, or DSPM refers to the practice of assessing and managing an organization’s overall data security posture. It involves monitoring, evaluating, and continuously improving the effectiveness of data security controls and measures in place to protect sensitive information. What is Data Security Posture Management? It provides a holistic view of an organization’s data security status and helps identify vulnerabilities, gaps, and areas for improvement.

Artificial intelligence (AI) is revolutionizing most, if not all, industries worldwide. AI systems use complex algorithms and large datasets to analyze information, make predictions and adjust to new scenarios through machine learning – enabling them to improve over time without being explicitly programmed for every task.

While today’s AI is focused on user-agent interactions, the real revolution is on the horizon, where AI agents will increasingly communicate, collaborate, and share data amongst agents. This shift brings unprecedented opportunities and new and complex data protection challenges.

The Zenity Labs team has discovered that non-administrator users can modify existing flows that were connected to Einstein by an administrator, influencing Einstein without having the necessary permissions to edit it directly. In doing so, bad actors can easily insert malicious actions into flows that are triggered by business users throughout the enterprise, including phishing attacks, data exfiltration, and more.