5.16
.
Cross-Tenant or Cross-Workspace Data Leak via Embedded Copilots
sail
5.16
Risk
Cross-Tenant or Cross-Workspace Data Leak via Embedded Copilots
Description
Embedded copilots and grounded-retrieval agents leak data across tenant or workspace boundaries via indirect prompt injection in shared content.
Example
A poisoned document in a shared SharePoint causes M365 Copilot to exfiltrate another tenant's data through a grounded query.
Assets Affected
AI Agent
AI App
Dataset / RAG
3rd-Party AI Integration
Mitigation
- Strict tenant isolation in grounded retrieval
- sanitize external content
- per-tenant policy enforcement
- monitor cross-tenant data flow.
Standards Mapping
- ISO: A.7.6
- OWASP agentic: ASI06, ASI01
- OWASP LLM: LLM02:2025, LLM08:2025
- EU AI Act: Art. 15(5)
- DASF: Agents-MCP Server 13.23, Agents-MCP Client 13.30
- AIUC-1: A005, A006