Back to Blog

Setting a new standard for Enterprise GenAI Security with a comprehensive solution for Microsoft 365 Copilot

Itamar Golan
September 4, 2024

Hey there.

We have just announced the industry’s first comprehensive security and governance solution for Copilot for Microsoft 365. This solution allows organizations to preserve both internal and external data privacy when embedding Copilot into their organizational workflows. Additionally, it provides observability and monitoring over the full AI suite of Microsoft's productivity applications. This marks a significant milestone in GenAI Security for enterprise applications.

GenAI is rapidly spreading across organizations, expanding its use from web browsers to a variety of desktop native-based applications. It is increasingly becoming an integral part of daily workflows, often without the awareness of security teams, adding another layer of complexity to governance. In response to this, a few months ago, we introduced our lightweight agent for native desktop AI applications, which is already in use by several customers, including Fortune 500. Notably, we were the first vendor in the industry to support ChatGPT for desktop.

According to a recent Gartner's research, using Copilot for Microsoft 365 poses risks related to the exposure of sensitive data and content, both internally and externally. This risk arises because Copilot allows easy, natural-language access to unprotected content. Internal exposure of inadequately-protected sensitive information is a significant and realistic threat. For example, employees could retrieve sensitive financial or HR information via the chat interface that they couldn't reach before. Additionally, external data leaks could occur if employees use Copilot to help summarize or rewrite emails in Outlook and suddenly your confidential data might reach 3rd parties LLM’s training data. There is also the risk of unsafe responses and hallucinations from the LLM. Furthermore, Copilot for M365 does not offer native enterprise-specific GenAI controls, requiring organizations to custom integrate third-party GenAI Trust, Risk, and Security Management (AI TRiSM) controls that Microsoft does not support.

M365 Copilot has brought with it a new paradigm of productivity within tools that have been around for over two decades (Microsoft Word, Excel, PowerPoint, Outlook, etc.), so despite the potential associated risks it brings, it’s no surprise that it’s being so widely used. Driven by the needs of our customers and prospects, we decided to move forward - and very fast - with developing a comprehensive solution that would allow them to efficiently embrace it without compromising on data privacy. We stop data breaches without stopping innovation.

So what is it that we’ve built and how is it helping organizations?

Our agent-based solution continuously monitors and analyzes data shared with, and retrieved from, Microsoft 365 Copilot. It inspects each prompt and model response, blocking or sanitizing sensitive data within context to prevent risky leaks. This ensures that organizations maintain visibility and control over GenAI interactions across their entire Microsoft 365 environment.

Key features:

  • Real-time prevention of sensitive data exfiltration, both within the organization when employees use Copilot to share and retrieve information, as well as outside of it, making sure sensitive data doesn’t leave the organization.
  • Department-based granular policies for the use of Copilot for Microsoft 365, integrating with Identity and Access Management solutions. For instance, the marketing department using Copilot will have different policies and access permissions than the finance department.
  • Easy deployment that takes minutes and integrates with existing security infrastructure through a lightweight agent.
  • Comprehensive auditing of all data shared with and retrieved from Copilot for Microsoft 365

I couldn’t be more excited about what we’re building at Prompt Security, helping organizations safely embrace the transformational opportunities that GenAI brings to every touchpoint of their environment. We are the key to innovation. 

****************************************

We’ll tell you much more about this release on our upcoming webinar on September 17th, register here.

****************************************

Gartner Research about Copilot for Microsoft 365

The team has gathered a few recent reports and recommendations by Gartner that will be beneficial to read when building the security strategy for M365 Copilot.

* Available with a Gartner subscription

Share this post

Related posts

August 31, 2024

8 Real World Incidents Related to AI

Some of the questions we get asked with most frequency from many of our prospects and the ecosystem at large when embarking on their GenAI Security journey, revolve around "How real are the risks related to AI, have there been actual incidents involving AI?" The answer is yes.
Read more
August 1, 2024

Now Available: A New Version of Prompt Fuzzer, the first interactive open-source tool for GenAI Apps Vulnerability Assessment

The first of its kind, Prompt Fuzzer is an interactive, open-source tool that empowers developers of GenAI applications to evaluate and enhance the resilience and safety of their system prompts in a user-friendly way.
Read more
July 25, 2024

A customer flagged us an alleged false positive… Turns out it was an AI Component in Google Workspace

Our dynamic detection identified an AI component in Google Workspace. Initially flagged as a potential false positive by one of our customers, a deeper inspection revealed it was Google's 'Help me Write' feature, an AI-based assistant designed to help users in drafting and editing documents
Read more
View all