Experts Warn Microsoft Copilot Studio Agents Are Being Hijacked to Steal OAuth Tokens

Why It Matters

The exploit can give attackers unfettered access to sensitive Microsoft 365 data, posing a significant security threat to enterprises that use Copilot Studio, and highlights the urgent need for stronger governance and protective controls.