KQL Search

Query Details

Microsoft Copilot Jailbreak Detected

Query

# *Microsoft Copilot Jailbreak Detected*

## Query Information

#### MITRE ATT&CK Technique(s)

| Technique ID | Title    | Link    |
| ---  | --- | --- |
| T1588.007 | DLL | https://attack.mitre.org/techniques/T1588/007/ |

#### Description

This rule detects instances where a 'jailbreak' attempt is identified within a Microsoft Copilot interaction. It specifically looks for CopilotInteraction events where the 'JailbreakDetected' flag is set to true in the message data.

#### Author <Optional>
- **Name: Benjamin Zulliger**
- **Github: https://github.com/benscha/KQLAdvancedHunting**
- **LinkedIn: https://www.linkedin.com/in/benjamin-zulliger/**

#### References
- 


## Defender XDR
```KQL
CloudAppEvents
| where ActionType == "CopilotInteraction"
| project-away AppInstanceId, ActivityObjects, IsAdminOperation, IsExternalUser, Type
| extend EventData = RawEventData.CopilotEventData
| extend 
    AppHost = tostring(EventData.AppHost),
    ThreadId = tostring(EventData.ThreadId),
    Messages = EventData.Messages,
    Resources = EventData.AccessedResources
| mv-expand Messages
| extend 
    MessageId = tostring(Messages.Id),
    isPrompt = tobool(Messages.isPrompt),
    JailbreakDetected = tobool(Messages.JailbreakDetected)
| project-away Messages, EventData
| where JailbreakDetected != 0 
| where isnotempty(JailbreakDetected)

```

Explanation

This query is designed to detect attempts to "jailbreak" Microsoft Copilot, which means trying to bypass or manipulate its intended functionality. It specifically looks for events labeled as "CopilotInteraction" within cloud application events. The query filters these events to find instances where the 'JailbreakDetected' flag is set to true, indicating a potential jailbreak attempt.

Here's a breakdown of the query:

  1. Source of Data: It starts by looking at CloudAppEvents where the action type is "CopilotInteraction".

  2. Data Filtering: It removes unnecessary columns such as AppInstanceId, ActivityObjects, IsAdminOperation, IsExternalUser, and Type to focus on relevant data.

  3. Data Extraction: It extracts specific details from the raw event data related to Copilot, including the application host, thread ID, messages, and accessed resources.

  4. Message Analysis: It expands the messages to analyze each one individually, extracting the message ID, whether it is a prompt, and if a jailbreak was detected.

  5. Jailbreak Detection: It filters the results to only include messages where a jailbreak was detected (JailbreakDetected is true).

In summary, this query identifies and lists events where a jailbreak attempt was detected in Microsoft Copilot interactions, helping security teams monitor and respond to potential security threats.

Details

Benjamin Zulliger profile picture

Benjamin Zulliger

Released: February 26, 2026

Tables

CloudAppEvents

Keywords

CloudAppEventsCopilotInteractionEventDataMessagesJailbreakDetected

Operators

CloudAppEvents|where==project-awayextend=tostring()mv-expandtobool()!=isnotempty()

Actions