AI agents are evolving to become more autonomous, capable of proactively solving problems and improving workflows across various fields. To support this shift, OAuth 2 standards need to be updated to accommodate the unique authorization requirements of these intelligent systems, ensuring secure and granular access permissions. Microsoft emphasizes the importance of collaboration within the OAuth community to develop these necessary enhancements for a secure future of AI agents.

A new phishing method called 'CoPhish' exploits Microsoft Copilot Studio agents to issue fraudulent OAuth consent requests, allowing attackers to steal session tokens through social engineering tactics. Researchers from Datadog Security Labs have highlighted the risks associated with Copilot Studio's flexibility and noted that Microsoft plans to address these vulnerabilities in future updates. Users are advised to limit administrative privileges and enforce stricter governance policies to mitigate the risks.

Russian hackers have been exploiting vulnerabilities in Microsoft's OAuth 2.0 authentication framework, allowing them to access sensitive information from targeted accounts. This ongoing attack poses significant security risks for organizations using Microsoft services, emphasizing the need for enhanced security measures and awareness.