🔒 Security Threats & Defense
Stay ahead of emerging security threats, from AI prompt injection to browser extension attacks.
⚠️ Current Threats
- Malicious Chrome extensions stealing sessions
- MCP prompt injection attacks on AI agents
- Microsoft Copilot used for SharePoint recon
- M365 tenants insecure by default
Microsoft 365 Security
Your M365 tenant isn't secure by default. Key hardening steps:
- Disable legacy authentication protocols
- Enable Conditional Access policies
- Configure DLP rules for sensitive data
- Audit Copilot permissions and data access
- Monitor for unusual SharePoint activity
AI/LLM Security
As AI tools become ubiquitous, new attack vectors emerge:
- Prompt Injection — Malicious inputs that hijack AI behavior
- MCP Attacks — Exploiting Model Context Protocol servers
- Data Exfiltration — AI tools leaking sensitive context
- Jailbreaking — Bypassing safety guardrails
Browser Extension Risks
Browser extensions are a major attack surface:
- Can steal session cookies and tokens
- May inject scripts into any page
- Often request excessive permissions
- Malicious updates can compromise previously safe extensions
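One way to audit an extension against the risks listed above, as an added example that is not from the original page: it reads a parsed `manifest.json`, flags permissions tied to cookie access, script injection and all-sites reach, and lists what an update newly requests. The function names, the risk table and both sample manifests are constructed for illustration.

```python
import json

# Chrome manifest permission names mapped to the risks listed above.
RISKY = {
    "cookies": "can read session cookies",
    "scripting": "can inject scripts into pages",
    "webRequest": "can observe requests, including auth headers",
    "debugger": "can attach to and control tabs",
}
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
KEYS = ("permissions", "optional_permissions",
        "host_permissions", "optional_host_permissions")


def declared(manifest):
    """Collect every permission and host pattern (MV2 and MV3 layouts)."""
    return {p for k in KEYS for p in manifest.get(k, []) if isinstance(p, str)}


def audit(manifest):
    """Return findings for one parsed manifest.json."""
    perms = declared(manifest)
    findings = [f"{p}: {RISKY[p]}" for p in sorted(perms & set(RISKY))]
    if perms & ALL_SITES:
        findings.append("host access to every site")
    if any(set(cs.get("matches", [])) & ALL_SITES
           for cs in manifest.get("content_scripts", [])):
        findings.append("content script runs on every page")
    if "cookies" in perms and perms & ALL_SITES:
        findings.append("HIGH: cookies plus all-sites access")
    return findings


def added_by_update(old, new):
    """Permissions present in the new version but not the old one."""
    return sorted(declared(new) - declared(old))


# Constructed sample manifests (not from a real extension).
V1 = json.loads('{"manifest_version": 3, "name": "Sample", "version": "1.0",'
                ' "permissions": ["storage"],'
                ' "host_permissions": ["https://example.com/*"]}')
V2 = json.loads('{"manifest_version": 3, "name": "Sample", "version": "1.1",'
                ' "permissions": ["storage", "cookies", "scripting"],'
                ' "host_permissions": ["<all_urls>"],'
                ' "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}')

if __name__ == "__main__":
    print("new in update:", added_by_update(V1, V2))
    for finding in audit(V2):
        print("-", finding)
```

Running `added_by_update` on each new release of an installed extension surfaces the case in the last bullet, where a previously narrow extension starts asking for broad access.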
Defense Checklist
| Action | Priority |
|---|---|
| Audit browser extensions | 🔴 High |
| Enable MFA everywhere | 🔴 High |
| Review M365 security defaults | 🔴 High |
| Monitor AI tool access | 🟡 Medium |
| Segment network access | 🟡 Medium |