AI agents should not send email with AI-controlled inputs
Description
Checks all Copilot Studio agents for email-sending tools (such as Office 365 Outlook or SendMail connectors) where the recipient, subject, or body may be controlled by AI-generated content. This presents a risk of data exfiltration via email to attacker-controlled addresses.
How to fix
Remove email-sending tools from agents that do not have a legitimate business need to send email. For agents that do require email capabilities, ensure recipients are restricted to a fixed list and are not dynamically determined by user input or AI-generated content. Use DLP policies to block the Outlook connector for agents that should not send email.
Learn more: Configure data policies for agents
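The check described above, written out as an added PowerShell example rather than Maester's own test code: it scores email tools whose recipient, subject or body are left for the model to fill. The tool objects are constructed sample data, and the property names (ConnectorId, Inputs, Source) are assumptions, not the Dataverse schema.

```powershell
# Added example, not Maester's own code. Operates on tool definitions already
# retrieved from Dataverse; property names below are assumptions.
$emailConnectorIds = @('shared_office365', 'shared_sendmail')   # Outlook, SendMail

# Constructed sample data: three agents, two of them with email tools.
$sampleTools = @(
    [pscustomobject]@{
        Agent = 'HR Helper'; Tool = 'Send notification'; ConnectorId = 'shared_office365'
        Inputs = @{ To      = @{ Source = 'Static'; Value = 'hr-alerts@contoso.example' }
                    Subject = @{ Source = 'Static'; Value = 'New HR request' }
                    Body    = @{ Source = 'AI' } }
    },
    [pscustomobject]@{
        Agent = 'Sales Assistant'; Tool = 'Email summary'; ConnectorId = 'shared_office365'
        Inputs = @{ To = @{ Source = 'AI' }; Subject = @{ Source = 'AI' }; Body = @{ Source = 'AI' } }
    },
    [pscustomobject]@{
        Agent = 'FAQ Bot'; Tool = 'Lookup policy'; ConnectorId = 'shared_sharepointonline'
        Inputs = @{ Query = @{ Source = 'AI' } }
    }
)

function Test-EmailToolInputs {
    param([Parameter(Mandatory)][object[]]$Tools)
    foreach ($tool in $Tools) {
        if ($emailConnectorIds -notcontains $tool.ConnectorId) { continue }   # not an email tool
        $dynamic = @()
        foreach ($name in 'To', 'Subject', 'Body') {
            $binding = $tool.Inputs[$name]
            # No static binding means the model fills the slot at run time: treat as AI-controlled.
            if ($null -eq $binding -or $binding.Source -ne 'Static') { $dynamic += $name }
        }
        # A model-chosen recipient is the exfiltration path, so it fails outright;
        # AI-written subject/body with a fixed recipient is flagged for review.
        $status = if ($dynamic -contains 'To') { 'Fail' }
                  elseif ($dynamic.Count -gt 0) { 'Review' }
                  else { 'Pass' }
        [pscustomobject]@{
            Agent              = $tool.Agent
            Tool               = $tool.Tool
            Status             = $status
            AIControlledInputs = ($dynamic -join ', ')
        }
    }
}

Test-EmailToolInputs -Tools $sampleTools | Format-Table -AutoSize
```

With the sample data, 'HR Helper' reports Review (body only), 'Sales Assistant' reports Fail (recipient is model-chosen), and 'FAQ Bot' is skipped because it has no email tool.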
Prerequisites
This test evaluates Copilot Studio agent configurations via the Dataverse API.
Connect-Maester -Service Graph,Dataverse