AI agents in Microsoft 365 (Copilot Wave 3) function reliably only when data is cleanly structured, clear ownership models exist, and the scope of tasks is precisely defined.
Copilot Cowork is now generally available and allows users to choose between models from Anthropic (Claude Opus 4.8, Sonnet 4.6) as well as GPT 5.5 in the Frontier program.
A single click on a manipulated Microsoft link was sufficient to exfiltrate sensitive data such as one-time passwords and corporate files through parameter-to-prompt injection.
Three chained bugs in Microsoft 365 Copilot allowed attackers to exfiltrate corporate data via a legitimate microsoft.com link, as traditional anti-phishing filters did not block legitimate sources.
An active debug flag in Microsoft 365 Android apps allowed arbitrary apps on the device to steal authentication tokens and take over user accounts completely.
Microsoft is testing Scout, an autonomous AI agent that proactively coordinates meeting scheduling and identifies project risks — currently available only in the Frontier Program for enterprise customers.