This is a post with all of the links and additional materials for a talk at RSAC 2025 titled Your Copilot Is My Insider.

Abstract:

This session will look at how Copilots can be used as novel attack vectors to compromise user accounts for initial access and exploitation. Will demo how to subvert a Copilot into a malicious insider without access, controlling its actions and outputs and use this remote control to make Copilot spear phish, resulting in a user making badly informed decisions. All without compromising an account.

Resources

• Deck: Available here

• Talk: Scaling AppSec With an SDLC for Citizen Development at RSAC 2025

• Talk: Living off Microsoft Copilot at BHUSA 2025

• Talk: All You Need Is Guest at BHUSA 2024

• Demo: Scan your tenant for publicly-facing copilot bots with Copilot Hunter

• Demo: Hijacking Microsoft Copilot to be your malicious insider

• Demo: Spyware injection into ChatGPT’s long-term memory

• Tool: Power Pwn, an offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform

• Blog: How Copilot Reads Your Emails and Teams Messages

• Blog: Stealing Copilot's System Prompt

• Blog: A Look Inside Microsoft Copilot’s RAG System

• Link: The GenAI Attacks Matrix

• Link: Microsoft’s AI Watchdog pattern

• Link: Simon’s Willison coins the term prompt injection