New CoPhish attack steals OAuth tokens via Copilot Studio agents
2025-10-25

A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains.
The technique was developed by researchers at Datadog Security Labs, who warned in a report earlier this week that Copilot Studio's flexibility introduces new, undocumented phishing risks.
