SAIL 2.0

/

Deploy - Runtime Guardrails

/

Cross-Tenant or Cross-Workspace Data Leak via Embedded Copilots

5.16

.

Cross-Tenant or Cross-Workspace Data Leak via Embedded Copilots

sail
5.16
Risk

Cross-Tenant or Cross-Workspace Data Leak via Embedded Copilots

Description

Embedded copilots and grounded-retrieval agents leak data across tenant or workspace boundaries via indirect prompt injection in shared content.

Example

A poisoned document in a shared SharePoint causes M365 Copilot to exfiltrate another tenant's data through a grounded query.

Assets Affected

AI Agent

AI App

Dataset / RAG

3rd-Party AI Integration

Mitigation
  • Strict tenant isolation in grounded retrieval
  • sanitize external content
  • per-tenant policy enforcement
  • monitor cross-tenant data flow.
Standards Mapping
  • ISO: A.7.6
  • OWASP agentic: ASI06, ASI01
  • OWASP LLM: LLM02:2025, LLM08:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-MCP Server 13.23, Agents-MCP Client 13.30
  • AIUC-1: A005, A006