Prompt Security Launches First Comprehensive Security and Governance Solution for Microsoft 365 Copilot

September 4, 2024

Tel Aviv, Israel - September 4, 2024 - Prompt Security, a leader in Generative AI (GenAI) Security, today announced the launch of the industry’s first security and governance solution for Copilot for Microsoft 365, marking a significant milestone in GenAI Security for enterprise applications.

As organizations rapidly adopt GenAI tools to boost productivity and innovation, the need for robust security measures has never been more critical. Prompt Security's latest offering addresses this need by providing comprehensive protection for the full suite of AI-powered tools integrated into Microsoft's popular productivity applications, including Microsoft’s Office applications and Windows OS.

"We are thrilled to be the first GenAI Security vendor to offer comprehensive protection for Microsoft 365 Copilot," said Itamar Golan, CEO and Co-founder of Prompt Security. "Our solution represents a new paradigm in GenAI Security, enabling enterprises to embrace the productivity gains brought about by Copilot for Microsoft 365, while maintaining full control of the organization’s use of the tool, keeping the highest level of data protection and governance.”

The solution addresses use cases such as internal and external data privacy, content moderation, observability, user activity analytics, and facilitating auditing and compliance with multiple regulatory standards. It also checks Copilot responses, preventing the display of inappropriate content and maintaining an audit trail for proper IP management.

Key features of Prompt Security’s solution for Copilot for Microsoft 365 include:

  • Real-time prevention of sensitive data exfiltration, both within the organization when employees use Copilot to share and retrieve information, as well as outside of it, making sure sensitive data doesn’t leave the organization.
  • Department-based granular policies for the use of Copilot for Microsoft 365, integrating with Identity and Access Management solutions. For instance, the marketing department using Copilot will have different policies and access permissions than the finance department.
  • Easy deployment that takes minutes and integrates with existing security infrastructure through a lightweight agent.
  • Comprehensive auditing of all data shared with and retrieved from Copilot for Microsoft 365

"As desktop applications with GenAI features become central to day-to-day operations, it's crucial that we deliver complete security regardless of where employees use these tools," explained Lior Drihem, CTO and Co-founder of Prompt Security. "Our agent-based solution ensures that organizations can maintain visibility and control over GenAI interactions across their entire Microsoft 365 environment."

Prompt Security's Microsoft 365 Copilot protection is available immediately. 

Register for an exclusive webinar on September 17th to learn more: https://www.prompt.security/events/prompt-security-for-microsoft-365-copilot-webinar-sept-2024

About Prompt Security

Founded in August 2023, Prompt Security delivers a complete solution for all Generative AI security in the enterprise. Its platform supports millions of prompts and thousands of users every month. The founding team combines deep expertise in both cybersecurity and AI, with years of experience building and securing machine learning systems at organizations like Check Point, Orca Security, and Israel’s elite intelligence unit 8200. Prompt Security’s CEO & Co-founder Itamar Golan was on OWASP Top 10 for LLM Applications core team and Prompt Security’s CTO & Co-founder Lior Drihem contributed to the project. The Prompt Security team of researchers has created proprietary LLMs and developed novel patent-pending techniques for detecting generative AI threats and addressing the associated risks.

FAQs 

In short, what is this announcement about?

Prompt Security announces complete security and governance for Copilot for Microsoft 365, allowing organizations to preserve internal and external data privacy when embedding Copilot for 365 on their organizational workflows, as well as attaining observability and monitoring over user activity in AI tools, in this case specifically, the full suite of Microsoft AI tools.

Why does it matter?

Copilot for Microsoft 365 is quickly spreading in organizations given the big productivity gains it brings, but it also opens a new vector of potential sensitive data exfiltration, both internally and externally. 

Per Gartner’s research, using Copilot for Microsoft 365 exposes the risks of sensitive data and content exposure internally and externally, because it supports easy, natural-language access to unprotected content. Internal exposure of insufficiently protected, sensitive information is a serious and realistic threat. External web queries that go outside the Microsoft Service Boundary also present risks that can’t be monitored.

Copilot for M365 uses GenAI models that, by nature, generate fictional responses (i.e., hallucinations), despite built-in grounding to enterprise data. Fictional or other unwanted responses can steer organizations into faulty or illegal processes and decision making.

Moreover, Copilot for M365 does not offer native enterprise-policy-specific GenAI controls so organizations must custom integrate third-party GenAI Trust Risk and Security Management (AI TRiSM) controls that Microsoft does not support.

What are some concrete examples of potential security risks related to the use of M365 Copilot?

An employee asks Copilot to reveal the salary of the CEO (or any other restricted information.) Without the right measures in place, Copilot could retrieve and share this information. 

Asking Copilot in Outlook to summarize an email that contains sensitive information. Once it gets to the LLM, it could be trained on this sensitive data.

Intellectual property monitoring. Employees could generate content of any caliber using Copilot. For legal purposes, it’s important to keep the audit trail to understand the source of the organization’s IP.

How do we do it? 

Prompt Security enables enterprises to benefit from the adoption of Generative AI while protecting from the full range of risks to their applications, employees and customers. At every touchpoint of Generative AI in an organization — from GenAI tools and assistants used by employees and developers, to GenAI integrations in homegrown applications — Prompt inspects each prompt and model response to prevent the exposure of sensitive data, block harmful content, and secure against GenAI-specific attacks. 

As GenAI gets more and more embedded into everyday workflows, the use of these tools doesn't only happen on browsers anymore, but rather on desktop applications as well. This is something that other vendors and tools haven’t fully addressed yet. With a lightweight agent, Prompt Security is able to monitor each prompt and response, and block or sanitize sensitive data to prevent data leaks via Copilot for Microsoft 365.

Share this post