By NHI Mgmt Group Editorial Team
Published 2026-03-20
Domain: Governance & Risk
Source: Abnormal AI

TL;DR: Microsoft Teams messages can carry malicious files and links through compromised vendor accounts and external tenants, while native scanning may occur up to 48 hours after delivery, creating a dwell-time window for users to click, according to Abnormal AI. The governance gap is not collaboration itself, but the trust model that assumes internal context is safer than it actually is.


At a glance

What this is: This analysis shows that Microsoft Teams can be abused as a delivery channel for phishing, malware, and social engineering, with native scanning windows and manual response creating avoidable exposure.

Why it matters: It matters because collaboration platforms now sit inside the identity and access perimeter, so security teams need the same inspection and response discipline they apply to email across human, vendor, and guest interactions.

By the numbers:

👉 Read Abnormal AI's analysis of Microsoft Teams phishing and malicious file delivery


Context

Microsoft Teams is now part of the identity attack surface, not just a productivity layer. When external tenants, vendor accounts, or guest users can place files and links into active threads, the trust decision shifts from the inbox to the conversation, where context often lowers suspicion.

The practical problem is that collaboration security has lagged behind email security. Native inspection, manual triage, and delayed removal all assume the user will not act before detection catches up, which is a weak assumption in fast-moving chat workflows.


Key questions

Q: What breaks when Teams messages are only scanned after delivery?

A: A delayed scan leaves a window in which users can open malicious files or links before enforcement happens. That breaks the assumption that detection alone is enough. In collaboration tools, time is part of the control, so security teams need inline inspection and automated remediation, not post-delivery cleanup.

Q: Why do collaboration platforms complicate phishing defence?

A: Collaboration platforms blend internal staff, vendors, and guests into one trusted-looking interface, which makes malicious requests look routine. That weakens user scrutiny and increases click likelihood. Defenders should treat shared threads as a governed trust boundary and restrict how external identities can place content there.

Q: How do security teams know whether Teams remediation is working?

A: They should measure dwell time, removal latency, and the percentage of malicious messages removed before any user interaction. If detection is happening but content stays visible long enough to be clicked, the control is not effective enough. Audit trails should show fast, consistent containment.

Q: Who is accountable when a malicious message arrives through a vendor account?

A: Accountability spans collaboration security, third-party access governance, and identity lifecycle management. The team that owns external access, the team that monitors the channel, and the team that approves vendor connectivity all have a role. Shared responsibility only works when ownership is explicit and reviewed.


Technical breakdown

Why Teams trust signals make phishing more believable

Teams combines names, presence indicators, avatars, shared threads, and vendor context into one interface. That mixture creates a stronger trust cue than email alone because users read conversation context as informal verification. Attackers do not need a sophisticated exploit when they can place a convincing file or link into a familiar operational thread. The security issue is not only content maliciousness, but the way the platform presents that content as routine business communication. If external access is too open, the interface itself becomes part of the social engineering chain.

Practical implication: treat external collaboration threads as untrusted delivery paths, not as inherently safe internal workspaces.

How attachment and URL inspection can lag behind delivery

Native controls may inspect Teams content after it has already reached the user, and that delay can stretch to 48 hours in some cases. That creates a dwell-time window in which the message remains visible, clickable, and credible even though the underlying file or URL may later be identified as malicious. In collaboration systems, time-to-removal matters as much as verdict quality because the attack succeeds when a user acts before enforcement arrives. The control problem is latency, not just detection accuracy.

Practical implication: move from delayed scanning to inline inspection and automated response that operate at message speed.

Why manual remediation increases collaboration risk

Manual response in Teams requires detection, ticketing, administrator action, and user notification before the content is removed. Each step extends exposure and introduces coordination delay, which is especially costly in a live conversation where users may continue clicking while analysts work the case. Tombstoning content changes that dynamic by removing the malicious artifact while preserving a clear security notice, reducing both access and confusion. The architectural lesson is that response should be enforced inside the collaboration workflow, not appended after the fact.

Practical implication: automate message removal and preserve audit evidence so containment does not depend on analyst availability.


Threat narrative

Attacker objective: The attacker wants to convert collaboration trust into user action, so the malicious file or link is opened before defenders can remove it.

  1. Entry occurs when attackers use compromised vendor accounts or external tenants to place malicious files and URLs into active Microsoft Teams conversations.
  2. Credential or account abuse gives the attacker trusted delivery access, allowing the message to appear as a routine business request inside a legitimate thread.
  3. Impact follows when a user opens the file or clicks the link before delayed scanning or manual remediation removes the content, enabling phishing, malware delivery, or credential theft.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Teams phishing is a collaboration trust problem before it is a malware problem. The platform merges employees, vendors, contractors, and guests into one conversational space, so legitimacy cues are built into the interface itself. That makes the attack look operationally normal even when the payload is hostile. Security teams should stop treating collaboration as a low-risk channel and start treating it as a governed trust boundary.

Message-speed remediation is now a control requirement, not an operational preference. When native inspection can lag by hours, the attack succeeds in the gap between delivery and enforcement. Manual cleanup extends that gap further, so dwell time becomes the real exposure metric. Practitioners need to measure how long malicious content remains visible, not just whether it was eventually detected.

The new named concept here is collaboration dwell time. This is the time malicious content remains active in chat after delivery but before removal. The longer that window stays open, the more likely a user is to click, forward, or reply in ways that widen the incident. Teams governance must now account for this window as a primary security variable.

Real-time inspection and tombstoning should be evaluated alongside email security, not as an optional collaboration add-on. Attackers do not distinguish between inbox and chat when choosing a delivery path. The governance question is whether the organisation can enforce policy at the point of interaction across all communication surfaces. If it cannot, the collaboration layer remains a practical blind spot.

Compromised vendor accounts are a governance signal, not just a threat source. They show that third-party identity trust extends into internal workflows and can be abused without needing a new foothold inside the organisation. That should push identity teams to scrutinise external access, vendor lifecycle, and collaboration permissions together rather than as separate programmes.

From our research:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
  • For a broader breach-pattern view, read The 52 NHI breaches Report for root-cause patterns that show how trusted identity paths are abused.

What this signals

Collaboration security is converging on the same operating model as email security. Teams and Slack now need inline inspection, policy enforcement, and fast containment because user trust is embedded in the channel itself. That shift matters to IAM and identity teams because third-party access, guest identity, and message delivery are now part of the same governance surface.

Collaboration dwell time is the new exposure metric. If malicious content remains live long enough for a user to act, the control failed regardless of eventual detection. Security teams should track removal latency as a programme indicator and push remediation closer to the point of delivery.

With 43% of security professionals already concerned about AI systems learning and reproducing sensitive information patterns from codebases, per The State of Secrets in AppSec, organisations should expect trust-boundary drift across both code and collaboration workflows.


For practitioners

  • Treat collaboration threads as governed trust surfaces: Classify Teams and Slack as message delivery channels that require the same inspection standard as email, especially where vendors and guests can post files or links into active threads.
  • Measure collaboration dwell time: Track the interval between malicious message delivery, detection, and removal so you can see how long a dangerous file or URL stays visible to users.
  • Automate message removal and tombstoning: Use policy-driven remediation that removes malicious content inside the collaboration workflow while preserving a security notice and audit trail.
  • Tighten external access paths: Review which vendor accounts, guest tenants, and external identities can initiate conversations with file or URL sharing, then reduce those permissions to the minimum needed for collaboration.
  • Align collaboration response with email controls: Apply inline inspection, URL reputation checks, and automated enforcement to collaboration tools so response speed matches the speed of user interaction.
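One way to instrument the dwell-time, removal-latency and pre-click-removal indicators recommended in the Q&A and practitioner list above, as an added example that is not part of the original post or of Abnormal AI's product. The record fields and the four sample messages are constructed assumptions; the edge cases handled are a message that is still live (its window is measured up to "now"), a click that preceded removal, and a message with no detection or removal yet.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Optional
# Added example; field names and sample timestamps are constructed assumptions.
@dataclass
class MaliciousMessage:
    message_id: str
    delivered: datetime
    detected: Optional[datetime]     # None: not yet detected
    removed: Optional[datetime]      # None: still visible, window still open
    first_click: Optional[datetime]  # None: no user interaction observed

def dwell_time(m, now):
    """Collaboration dwell time: delivery until removal, or until now if still live."""
    return (m.removed or now) - m.delivered

def removal_latency(m):
    """Detection until removal; None when either step has not happened yet."""
    if m.detected is None or m.removed is None:
        return None
    return m.removed - m.detected

def removed_before_interaction(m):
    """Contained only if removed and no click was recorded before the removal."""
    return m.removed is not None and (m.first_click is None or m.first_click >= m.removed)

def summarise(messages, now):
    """Indicators the post recommends: dwell time, removal latency, pre-click removal rate."""
    dwell_s = [dwell_time(m, now).total_seconds() for m in messages]
    lat_s = [l.total_seconds() for l in map(removal_latency, messages) if l is not None]
    return {
        "median_dwell_hours": median(dwell_s) / 3600,
        "max_dwell_hours": max(dwell_s) / 3600,
        "median_removal_latency_minutes": median(lat_s) / 60 if lat_s else None,
        "pct_removed_before_interaction": 100.0 * sum(map(removed_before_interaction, messages)) / len(messages),
        "still_visible": sum(m.removed is None for m in messages),
    }

# Constructed sample: fast removal; 31 h dwell clicked at hour 2; clean removal; still live at 48 h.
T0 = datetime(2026, 3, 20, 9, 0)
NOW = T0 + timedelta(hours=48)
SAMPLE = [
    MaliciousMessage("m1", T0, T0 + timedelta(minutes=5), T0 + timedelta(minutes=6), None),
    MaliciousMessage("m2", T0, T0 + timedelta(hours=30), T0 + timedelta(hours=31), T0 + timedelta(hours=2)),
    MaliciousMessage("m3", T0, T0 + timedelta(minutes=10), T0 + timedelta(minutes=20), None),
    MaliciousMessage("m4", T0, T0 + timedelta(hours=1), None, None),
]
def sample_summary():
    return summarise(SAMPLE, NOW)
```

Feeding real detection and removal audit events into the same records turns the post's "percentage removed before any user interaction" into a number a programme can track week over week.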

Key takeaways

  • Teams phishing works because collaboration context increases trust, not because the malware is unusually sophisticated.
  • Delayed scanning and manual remediation create a measurable exposure window that attackers can exploit before content is removed.
  • Real-time inspection, automated tombstoning, and tighter external access controls are the practical response for collaboration security.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
NIST CSF 2.0 | PR.AC-4 | Teams abuse depends on external access and trust boundaries.
OWASP Non-Human Identity Top 10 | NHI-01 | Compromised vendor accounts and shared access create non-human identity risk.
NIST CSF 2.0 | DE.CM-8 | Real-time detection and response depend on monitoring collaborative channels.

Extend monitoring to collaboration platforms and verify malicious content is detected before user interaction.


Key terms

  • Collaboration dwell time: The period during which malicious content remains visible and usable inside a collaboration platform after it has been delivered. In Teams and similar tools, this window matters because users can act on a message before scanning or remediation removes it, turning delivery latency into an exposure metric.
  • Tombstoning: A response action that removes a malicious message or file while leaving behind a security notice explaining that the content was taken down. This preserves user awareness and audit evidence while preventing further access, which is useful when collaboration speed makes manual clean-up too slow.
  • External access trust boundary: The control edge between internal users and outside identities such as vendors, guests, and partner tenants. In collaboration tools, this boundary is especially important because trusted-looking conversations can be initiated by non-employees, so access rules and monitoring need to reflect that risk.
  • Inline inspection: Security analysis performed at the point content is delivered rather than after it has already been made available to the user. For collaboration platforms, inline inspection reduces the chance that a malicious file or link remains clickable long enough to be opened.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Abnormal AI: Microsoft Teams Security Risk, malicious files and phishing in chat. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-03-20.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org