Product
CVE-2026-42893: M365 Copilot Command Injection Vulnerability
1 rule 1 TTP 1 CVECVE-2026-42893 is a command injection vulnerability in M365 Copilot that allows an unauthorized attacker to perform tampering over a network.
CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability
2 rules 1 TTPCVE-2026-26164 is an information disclosure vulnerability in M365 Copilot due to improper neutralization of special elements, allowing unauthorized information disclosure over a network.
M365 Copilot Impersonation Jailbreak Attack
3 rulesThis detection identifies attempts to jailbreak M365 Copilot by impersonating roles, adopting unrestricted personas, or mimicking malicious AI systems to bypass safety controls, searching exported eDiscovery prompt logs for roleplay keywords and categorizing prompts into impersonation types to detect persona injection attacks.
Microsoft 365 Copilot Jailbreak Attempts via Prompt Injection
3 rulesThe detection identifies attempts to jailbreak Microsoft 365 Copilot through prompt injection techniques that attempt to circumvent built-in safety controls by manipulating rules, bypassing system commands, or requesting AI impersonation.
M365 Copilot Access from Non-Compliant Devices
2 rulesDetection of M365 Copilot access from non-compliant or unmanaged devices that violate corporate security policies, potentially indicating shadow IT, BYOD policy violations, or compromised endpoint access.