Agentic AI Module Added To NHI Training Course

Forums
The Non-Human & AI ...
NHI Breaches
CoPhish Breach: OAu...
 
Notifications
Clear all

CoPhish Breach: OAuth Token Theft via Copilot Studio Agents

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Prominent Member
Joined: 8 months ago
Posts: 276
Topic starter 18/12/2025 9:49 am  

Executive Summary

In March 2025, a significant data breach was reported involving the exploitation of OAuth tokens via malicious agents in Copilot Studio. Attackers utilized the platform’s demo functionality to create fraudulent agents that impersonated legitimate services, hosted on trusted Microsoft domains. This phishing attack leveraged OAuth consent flows, tricking users into granting access and compromising sensitive authentication tokens. The scale of impact is substantial as countless users of the Copilot Studio platform fell victim to this sophisticated attack, leading to potential unauthorized access to user accounts and sensitive data. Cybersecurity experts have raised alarms over this new phishing technique, emphasizing the urgent need for improved protective measures.

👉 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

  • March 2025: Attackers launched the CoPhish attack exploiting Copilot Studio.
  • October 2025: Datadog Security Labs disclosed the phishing technique and its implications.
  • Future updates from Microsoft are expected to address the vulnerabilities.

Data Compromised

  • OAuth tokens were stolen, granting unauthorized access to user accounts.
  • Potential access to sensitive information, including personal and corporate data.

Impact Assessment

  • Widespread phishing resulted in numerous users unknowingly compromising their credentials.
  • Organizations using Copilot Studio are at risk of data breaches and identity theft.

Company Response

  • Microsoft has acknowledged the issue and is actively working on a fix for the security gaps.
  • Users are being advised to monitor their accounts for suspicious activities.

Security Implications

  • This incident highlights the vulnerabilities of OAuth-based identity systems.
  • Organizations must enhance their cybersecurity protocols to prevent similar attacks.

👉 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.



   
Quote
Topic Tags
Data Breach Cybersecurity OAuth Tokens Phishing Attack Microsoft Copilot
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  Data Breach (78) , Cybersecurity (111) , OAuth Tokens (4) , Phishing Attack (2) , Microsoft Copilot (1) ,
Share:

#1 Authority in NHI Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs).

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.