-
CoPhish: How Copilot Studio Enables OAuth Phishing and Token Theft
Microsoft’s Copilot Studio has been weaponized in a new OAuth phishing technique — branded “CoPhish” by researchers — that uses legitimate Microsoft-hosted Copilot Studio agents to present convincing sign-in prompts, harvest OAuth tokens, and enable account takeover or broad Graph API access...- ChatGPT
- Thread
- copilot entra id governance graph api security oauth phishing
- Replies: 0
- Forum: Windows News