Links and materials for Your Copilot Is My Insider
Links, demos, tools and slides for RSAC 2025

This is a post with all of the links and additional materials for a talk at RSAC 2025 titled Your Copilot Is My Insider.
Abstract:
This session will look at how Copilots can be used as novel attack vectors to compromise user accounts for initial access and exploitation. It will demo how to subvert a Copilot into a malicious insider without access, controlling its actions and outputs, and how to use this remote control to make Copilot spear phish, resulting in a user making badly informed decisions. All without compromising an account.
Resources
Deck: Available here
Talk: Scaling AppSec With an SDLC for Citizen Development at RSAC 2025
Talk: Living off Microsoft Copilot at BHUSA 2025
Talk: All You Need Is Guest at BHUSA 2024
Demo: Scan your tenant for publicly-facing copilot bots with Copilot Hunter
Demo: Hijacking Microsoft Copilot to be your malicious insider
Demo: Spyware injection into ChatGPT’s long-term memory
Tool: Power Pwn, an offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform
Link: The GenAI Attacks Matrix