From runtime risk to real‑time defense: Securing AI agents 

This report analyzes security risks introduced by Microsoft Copilot Studio agents, demonstrating how natural-language inputs can be abused to manipulate agent planning and invoke privileged tools, potentially leading to unauthorized actions or data exfiltration. It presents three scenarios—malicious instruction injection in event-triggered workflows, prompt injection via shared documents causing email exfiltration, and capability reconnaissance against public chatbots—and explains how Microsoft Defender’s webhook-based runtime checks inspect planned tool invocations and block unsafe actions to provide runtime protection without changing agent logic.