Hackers abuse new AI agent connections

Hackers allegedly gained hidden access to business systems using AI agents.

Researchers say Copilot Studio agents can be abused through default connection settings.

Security researchers warn hackers are exploiting a new feature in Microsoft Copilot Studio. The issue affects recently launched Connected Agents functionality.

Connected Agents allows AI systems to interact and share tools across environments. Researchers say default settings can expose sensitive capabilities without clear monitoring.

Zenity Labs reported attackers linking rogue agents to trusted systems. Exploits included unauthorised email sending and data access.

Experts urge organisations to disable Connected Agents for critical workloads. Stronger authentication and restricted access are advised until safeguards improve.
