A new phishing method called 'CoPhish' exploits Microsoft Copilot Studio agents to issue fraudulent OAuth consent requests, allowing attackers to steal session tokens through social engineering tactics. Researchers from Datadog Security Labs have highlighted the risks associated with Copilot Studio's flexibility and noted that Microsoft plans to address these vulnerabilities in future updates. Users are advised to limit administrative privileges and enforce stricter governance policies to mitigate the risks.