Experts Warn Microsoft Copilot Studio Agents Are Being Hijacked to Steal OAuth Tokens

Summary

Datadog Security Labs identified a new phishing method called CoPhish that hijacks Microsoft Copilot Studio agents (called Topics) to present fake login or consent flows, tricking users into granting OAuth permissions and handing attackers tokens that provide access to email, chat, calendar, files and automation within the victim’s tenant. The agents operate on legitimate Microsoft domains, making the deception harder to detect. Microsoft has confirmed the abuse and said it will issue product updates to harden governance and consent experiences. Immediate mitigations include restricting third‑party app consent, enforcing MFA and conditional access, blocking shared Copilot Studio agents, and monitoring and revoking suspicious OAuth tokens.