AI Agent Third Party Plugin With Internal Data Access
Query
// Detection of data exfiltration risks via third-party plugins in sensitive agents
AIAgentsInfo
| where TimeGenerated >= ago(1d)
| extend RawInfo = parse_json(RawAgentInfo)
| extend ImpactedSettings = RawInfo.impactedSettings
| extend AppType = tostring(RawInfo.appType)
| extend PublishedStatus = tostring(RawInfo.publishedStatus)
// Detection of third-party allowances
| where AppType =~ "thirdParty"
or ImpactedSettings has "allowThirdParty"
or AgentToolsDetails has "thirdParty"
// Focus on agents with access to internal data sources such as SharePoint or Teams
| where AIAgentName has_any ("Sharepoint", "OneDrive", "Teams", "Internal", "Intranet")
or ConnectedAgentsSchemaNames has_any ("Sharepoint", "OneDrive")
| extend HostCustomEntity = LastModifiedByUpnAbout this query
AI Agent Third-Party Plugin with Internal Data Access
Query Information
MITRE ATT&CK Technique(s)
| Technique ID | Title | Link |
|---|---|---|
| T1567 | Exfiltration Over Web Service | https://attack.mitre.org/techniques/T1567/ |
Description
Detects AI agents configured with third-party plugins or allowances that also have access to sensitive internal data sources like SharePoint, OneDrive, or Teams. This configuration could pose a data exfiltration risk if the third-party plugin is compromised or malicious.
Author <Optional>
- Name: Benjamin Zulliger
- Github: https://github.com/benscha/KQLAdvancedHunting
- LinkedIn: https://www.linkedin.com/in/benjamin-zulliger/
Defender XDR
Explanation
This query is designed to identify potential security risks involving AI agents that have access to sensitive internal data and are configured to use third-party plugins. Here's a simplified breakdown of what the query does:
-
Data Source: It analyzes information from
AIAgentsInfo, which contains details about AI agents. -
Time Frame: The query looks at data generated within the last day (
TimeGenerated >= ago(1d)). -
Data Parsing: It extracts and processes specific fields from the raw agent information, such as
impactedSettings,appType, andpublishedStatus. -
Third-Party Detection: It filters for AI agents that are either classified as third-party (
AppType =~ "thirdParty") or have settings that allow third-party interactions (ImpactedSettings has "allowThirdParty"orAgentToolsDetails has "thirdParty"). -
Internal Data Access: The query focuses on agents that have access to internal data sources like SharePoint, OneDrive, Teams, or other internal systems (
AIAgentNameorConnectedAgentsSchemaNamescontaining these terms). -
Output: It extends the results with the
HostCustomEntity, which identifies the user who last modified the agent (LastModifiedByUpn).
Overall, this query helps in detecting AI agents that could pose a data exfiltration risk due to their configuration with third-party plugins and access to sensitive internal data.
Details

Benjamin Zulliger
Released: June 8, 2026
Tables
Keywords
Operators
MITRE Techniques