Copilot Studio - Secrets or bulk PII in agent response
Copilot Studio Sensitive Data In Response
Query
AppEvents
| where Name == "BotMessageSend"
| extend
ConvId = tostring(Properties["conversationId"]),
ChannelId = tostring(Properties["channelId"]),
Output = tostring(Properties["text"])
| where isnotempty(Output)
| extend
AwsKey = Output matches regex @"AKIA[0-9A-Z]{16}",
PrivateKey = Output contains "-----BEGIN" and Output contains "PRIVATE KEY-----",
Jwt = Output matches regex @"eyJ[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}",
EmailCount = array_length(extract_all(@"([A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,})", Output))
| where AwsKey or PrivateKey or Jwt or EmailCount >= 10
| extend Signal = case(
AwsKey, "AwsAccessKey",
PrivateKey, "PrivateKey",
Jwt, "JwtToken",
EmailCount >= 10, "BulkEmailPII",
"Unknown")
| extend AccountName = iff(isempty(UserId), "unknown-agent", UserId)
| project
TimeGenerated, Signal, AccountName, ConvId, ChannelId, EmailCount,
Output = substring(Output, 0, 1024), SessionId, ClientIP, AppVersion
| order by TimeGenerated descExplanation
This query is designed to monitor and detect potential data leaks from a Copilot Studio agent. It raises an alert if the agent's outbound messages contain sensitive information such as AWS access keys, private keys, JWT tokens, or a large number of email addresses (10 or more). Here's a simple breakdown of what the query does:
-
Data Source: It analyzes outbound messages from the "BotMessageSend" events in Application Insights.
-
Detection Criteria:
- Checks if the message contains an AWS access key pattern.
- Looks for private key indicators within the message.
- Searches for JWT token patterns.
- Counts email addresses in the message and flags if there are 10 or more.
-
Alert Generation: If any of the above criteria are met, an alert is triggered, indicating a potential data leak.
-
Severity and Tactics: The alert is marked as high severity and is associated with tactics like Exfiltration and Collection, which are techniques used to extract data.
-
Incident Management: When an alert is triggered, it creates an incident, grouping alerts by account to manage them effectively.
-
Additional Details: The query captures and projects relevant information such as the time of the event, type of signal detected, account name, conversation ID, channel ID, and a snippet of the message content.
Overall, this query helps in identifying and responding to incidents where sensitive information might be inadvertently or maliciously exposed by a Copilot Studio agent.
Details

David Alonso
Released: June 8, 2026
Tables
Keywords
Operators
Severity
HighTactics
Frequency: PT1H
Period: PT1H