# Copilot - Jailbreak Detection

## Query Information

### MITRE ATT&CK Technique(s)

| Technique ID | Title | Link |
| --- | --- | --- |
| T0054 | LLM Jailbreak | https://atlas.mitre.org/techniques/AML.T0054 |

### Description

This query retrieves events about Copilot jailbreak attempts.

#### References

- [LLM Jailbreak](https://atlas.mitre.org/techniques/AML.T0054)
- [Queries for the CopilotActivity table](https://learn.microsoft.com/en-us/azure/azure-monitor/reference/queries/copilotactivity)
- [The Microsoft Copilot Data Connector for Microsoft Sentinel is Now in Public Preview](https://techcommunity.microsoft.com/blog/microsoftsentinelblog/the-microsoft-copilot-data-connector-for-microsoft-sentinel-is-now-in-public-pre/4491986)

### Author

- **Alex Verboon**

## Defender XDR

```kql
CopilotActivity
| where RecordType == "CopilotInteraction"
| extend LLMData = parse_json(LLMEventData)
| mv-expand Message = LLMData.Messages
| extend JailbreakDetected = tobool(Message.JailbreakDetected)
| where JailbreakDetected == true
//| project TimeGenerated, ActorName, AppHost, AIModelName, MessageId = tostring(Message.Id), IsPrompt = tobool(Message.isPrompt)
| order by TimeGenerated desc
```

I have also come across another log entry.

```kql
CopilotActivity
| extend Parsed = parse_json(LLMEventData)
| mv-expand Resource = Parsed.AccessedResources
| extend Action = tostring(parse_json(Resource.Action))
| extend Id = tostring(parse_json(Resource.id))
| extend Name = tostring(parse_json(Resource.Name))
| extend Type = tostring(parse_json(Resource.Type))
| project TimeGenerated, Action, Id, Name, Type, SrcIpAddr, Workload, AppHost, AppIdentity
| where Name == @"JailBreak"
```
This KQL query is designed to detect and retrieve events related to "jailbreak" attempts in the context of Microsoft Copilot interactions. Here's a simplified breakdown of what the query does:

- **Data source:** The query operates on the `CopilotActivity` table, which logs activities related to Microsoft Copilot.
- **Filtering for interactions:** It keeps only records where `RecordType` is `"CopilotInteraction"`, indicating that the event is an interaction with Copilot.
- **Parsing event data:** It parses the JSON in the `LLMEventData` field to access detailed information about the interaction.
- **Expanding messages:** It expands the `Messages` array within the parsed data so that each message becomes its own row and can be analyzed individually.
- **Detecting jailbreak attempts:** It reads the `JailbreakDetected` field of each message to determine whether a jailbreak attempt was flagged.
- **Filtering for jailbreaks:** It keeps only messages where a jailbreak attempt was detected (`JailbreakDetected == true`).
- **Sorting results:** The results are ordered by `TimeGenerated` in descending order, so the most recent events appear first.

The second query extracts information about accessed resources related to jailbreak attempts:

- **Parsing resource data:** It parses `LLMEventData` and expands the `AccessedResources` array, producing one row per resource accessed during the interaction.
- **Extracting resource details:** It extracts the action taken, the resource ID, name, and type.
- **Filtering for jailbreak resources:** It keeps only resources whose `Name` is `"JailBreak"`.

Overall, these queries are part of a system to monitor and detect potential jailbreak attempts in interactions with Microsoft Copilot, helping to identify and respond to security threats.
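As an added example that is not part of the original page or the author's query set, the following KQL builds on both queries above to produce a per-actor triage view: it counts jailbreak-flagged prompts and responses per `ActorName`, correlates them with the `"JailBreak"` entries in `AccessedResources`, and lists repeat offenders first. It assumes the `CopilotActivity` columns used above (`ActorName`, `AppHost`, `AIModelName`, `SrcIpAddr`, `Workload`) are populated on both record shapes; the 7-day lookback and the threshold of 3 flagged prompts are constructed tuning values.

```kql
// Added example (not the page's own query): per-actor triage of Copilot jailbreak signals.
// Assumes the CopilotActivity columns used in the queries above; lookback and threshold are tuning values.
let lookback = 7d;
let minFlaggedPrompts = 3;
// Signal 1: messages flagged as jailbreak attempts (same logic as the first query).
let JailbreakMessages = CopilotActivity
    | where TimeGenerated > ago(lookback)
    | where RecordType == "CopilotInteraction"
    | extend LLMData = parse_json(LLMEventData)
    | mv-expand Message = LLMData.Messages
    | where tobool(Message.JailbreakDetected) == true
    | project TimeGenerated, ActorName, AppHost, AIModelName,
              MessageId = tostring(Message.Id), IsPrompt = tobool(Message.isPrompt);
// Signal 2: accessed-resource entries named "JailBreak" (same logic as the second query).
let JailbreakResources = CopilotActivity
    | where TimeGenerated > ago(lookback)
    | extend Parsed = parse_json(LLMEventData)
    | mv-expand Resource = Parsed.AccessedResources
    | where tostring(Resource.Name) == "JailBreak"
    | project TimeGenerated, ActorName, SrcIpAddr, Workload, ResourceAction = tostring(Resource.Action);
// Aggregate per actor and join both signals; leftouter keeps actors with flagged messages but no resource entry.
JailbreakMessages
| summarize FlaggedPrompts = countif(IsPrompt == true),
            FlaggedResponses = countif(IsPrompt == false),
            FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
            Hosts = make_set(AppHost), Models = make_set(AIModelName)
    by ActorName
| join kind=leftouter (
    JailbreakResources
    | summarize ResourceHits = count(), SourceIps = make_set(SrcIpAddr), Workloads = make_set(Workload)
        by ActorName
  ) on ActorName
| project-away ActorName1
| extend ResourceHits = coalesce(ResourceHits, 0)
// Repeated flagged prompts from one actor, or any resource-level hit, is worth an analyst's look.
| where FlaggedPrompts >= minFlaggedPrompts or ResourceHits > 0
| order by FlaggedPrompts desc, LastSeen desc
```

A single flagged message is often a false positive from an unusual but legitimate prompt; the per-actor counts and the prompt/response split make it easier to separate one-off noise from sustained probing.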

Alex Verboon
Released: April 20, 2026