Forensic Summary
Microsoft has launched Scout, an always-on autonomous AI agent built on the OpenClaw framework that operates across Microsoft 365 apps including Teams, Outlook, OneDrive, and SharePoint with its own Entra identity. The agent's persistent, unsupervised access to email, calendar, chat, and external systems via MCP creates a broad new attack surface for prompt injection, privilege abuse, and data exfiltration. As an experimental release with limited deployment controls, security teams should treat Scout as a high-risk agentic surface requiring careful governance before broad adoption.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/microsoft-scout-autonomous-agent-expands-attack-surface-across-microsoft-365/