Hey there.
We have just announced the industry’s first comprehensive security and governance solution for Copilot for Microsoft 365. This solution allows organizations to preserve both internal and external data privacy when embedding Copilot into their organizational workflows. Additionally, it provides observability and monitoring over the full AI suite of Microsoft's productivity applications. This marks a significant milestone in GenAI Security for enterprise applications.
GenAI is rapidly spreading across organizations, expanding its use from web browsers to a variety of desktop native-based applications. It is increasingly becoming an integral part of daily workflows, often without the awareness of security teams, adding another layer of complexity to governance. In response to this, a few months ago, we introduced our lightweight agent for native desktop AI applications, which is already in use by several customers, including Fortune 500. Notably, we were the first vendor in the industry to support ChatGPT for desktop.
According to a recent Gartner's research, using Copilot for Microsoft 365 poses risks related to the exposure of sensitive data and content, both internally and externally. This risk arises because Copilot allows easy, natural-language access to unprotected content. Internal exposure of inadequately-protected sensitive information is a significant and realistic threat. For example, employees could retrieve sensitive financial or HR information via the chat interface that they couldn't reach before. Additionally, external data leaks could occur if employees use Copilot to help summarize or rewrite emails in Outlook and suddenly your confidential data might reach 3rd parties LLM’s training data. There is also the risk of unsafe responses and hallucinations from the LLM. Furthermore, Copilot for M365 does not offer native enterprise-specific GenAI controls, requiring organizations to custom integrate third-party GenAI Trust, Risk, and Security Management (AI TRiSM) controls that Microsoft does not support.
M365 Copilot has brought with it a new paradigm of productivity within tools that have been around for over two decades (Microsoft Word, Excel, PowerPoint, Outlook, etc.), so despite the potential associated risks it brings, it’s no surprise that it’s being so widely used. Driven by the needs of our customers and prospects, we decided to move forward - and very fast - with developing a comprehensive solution that would allow them to efficiently embrace it without compromising on data privacy. We stop data breaches without stopping innovation.
So what is it that we’ve built and how is it helping organizations?
Our agent-based solution continuously monitors and analyzes data shared with, and retrieved from, Microsoft 365 Copilot. It inspects each prompt and model response, blocking or sanitizing sensitive data within context to prevent risky leaks. This ensures that organizations maintain visibility and control over GenAI interactions across their entire Microsoft 365 environment.
Key features:
- Real-time prevention of sensitive data exfiltration, both within the organization when employees use Copilot to share and retrieve information, as well as outside of it, making sure sensitive data doesn’t leave the organization.
- Department-based granular policies for the use of Copilot for Microsoft 365, integrating with Identity and Access Management solutions. For instance, the marketing department using Copilot will have different policies and access permissions than the finance department.
- Easy deployment that takes minutes and integrates with existing security infrastructure through a lightweight agent.
- Comprehensive auditing of all data shared with and retrieved from Copilot for Microsoft 365
I couldn’t be more excited about what we’re building at Prompt Security, helping organizations safely embrace the transformational opportunities that GenAI brings to every touchpoint of their environment. We are the key to innovation.
****************************************
We’ll tell you much more about this release on our upcoming webinar on September 17th, register here.
****************************************
Gartner Research about Copilot for Microsoft 365
The team has gathered a few recent reports and recommendations by Gartner that will be beneficial to read when building the security strategy for M365 Copilot.
* Available with a Gartner subscription