Preventing AI Agents from Going Rogue: Zenity Collaborates with Microsoft Copilot Studio to Deliver Inline Protection Against Malicious Behavior

AI agents are autonomous, powerful, and deeply embedded in how modern businesses operate. From rerouting customer support emails to accessing critical business tools like email and CRM systems, agents are transforming workflows across departments.
As of Microsoft’s Q1 2025 earnings report, over 230,000 organizations, including 90% of the Fortune 500, are using Microsoft Copilot Studio to build custom agents for a huge variety of tasks. Copilot Studio has made it fast and easy for teams to build agents that automate complex tasks, connect to external tools, and interact with sensitive data. From marketing and HR to finance and operations, business units are embracing this flexibility to streamline work and boost efficiency.
But this democratization of AI development introduces new and critical risks unless the platform is actively administered:
- Anyone can build an agent, including those without security or technology expertise
- Anyone can easily configure agents to interact with a variety of tools: MCP servers, CRM systems, business applications, email, other agents, data sources, and more
- These agents can be manipulated into acting unpredictably or maliciously, particularly when they are configured to invoke other tools
Example scenario: An AI agent is configured to handle customer support emails. It’s connected to both email and the CRM, designed to streamline responses and improve service. One day, an anonymous user sends a cleverly crafted message; no clicks, no downloads, just a simple email. That message triggers the agent, which then exposes sensitive CRM data to the sender. No authentication. No warning. Just a serious data leak.
This class of attack is known as indirect prompt injection: the attacker's instructions arrive inside data the agent processes (here, the body of an inbound email) rather than from the person operating the agent, and the agent carries them out with its own permissions. It is a real and growing concern.
Customer Service Agents and AgentFlayer
In our latest demo, presented at Black Hat 2025, we showed how a misconfigured agent, even one built with good intentions, can become a serious security liability. The agent was:
- Reachable by untrusted users while itself running with privileged permissions (access to both email and the CRM)
- Accepting unauthenticated chat inputs
- Triggered by anonymous users through a public flow
These vulnerabilities allowed a bad actor to exploit the agent without ever breaching a firewall or stealing credentials. Just one message, and the agent did the rest.
Zenity: Your Inline Defense for Copilot Studio
This is where Zenity integrates with Copilot Studio. Zenity’s inline prevention capabilities are designed to disrupt and prevent risky agent behavior before damage occurs.
With this latest integration, security teams can:
- Intercept agent tool invocations in real time, analyzing intent and behavior before the call is allowed to proceed
- Disrupt risky behavior, stopping data exfiltration and unauthorized access before it happens
- Trace root causes, identifying misconfigurations, privilege misuse, and insecure triggers
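To make the inline-gating idea concrete, here is an added illustrative policy gate that sits between an agent and its tools and replays the customer-support scenario from the demo above. It is example code written for this page, not Zenity's product code and not a Copilot Studio API; the tool names (`crm.lookup`, `email.send`, `http.post`), the internal domain `corp.example`, and the trigger and call shapes are all assumed. Two behavioral rules are enforced: a sensitive tool may not be invoked on behalf of an unauthenticated trigger, and once sensitive data has entered the agent's context, no egress to an external destination is allowed. Every decision is recorded for root-cause tracing.

```python
"""Illustrative inline tool-invocation gate for an AI agent (example code, not a vendor API)."""
from dataclasses import dataclass
from urllib.parse import urlparse

INTERNAL_DOMAIN = "corp.example"  # assumed corporate domain for this example


@dataclass(frozen=True)
class Trigger:
    """What caused the agent to run: the channel, the principal, and whether the platform verified them."""
    channel: str        # "email", "chat", "scheduled", ...
    principal: str      # sender address, user id, or "anonymous"
    authenticated: bool # True only if the platform verified the principal's identity


@dataclass(frozen=True)
class ToolCall:
    tool: str           # assumed tool names, e.g. "crm.lookup", "email.send", "http.post"
    args: dict


@dataclass
class Decision:
    allowed: bool
    reason: str


SENSITIVE_TOOLS = {"crm.lookup", "crm.export"}  # tools that pull customer data into context
EGRESS_TOOLS = {"email.send", "http.post"}      # tools that move data out of the agent


def _is_internal(destination: str) -> bool:
    """True for an internal mailbox or an internal URL host; anything else is treated as external."""
    if destination.endswith("@" + INTERNAL_DOMAIN):
        return True
    host = urlparse(destination).hostname or ""
    return host == INTERNAL_DOMAIN or host.endswith("." + INTERNAL_DOMAIN)


class ToolGate:
    """Evaluates each tool call against the trigger that started the session and the session's taint state."""

    def __init__(self, trigger: Trigger):
        self.trigger = trigger
        self.tainted = False  # becomes True once a sensitive tool has returned data into context
        self.audit = []       # (tool, allowed, reason) records for root-cause tracing

    def evaluate(self, call: ToolCall) -> Decision:
        t = self.trigger
        # Rule 1: an unauthenticated trigger (e.g. an anonymous inbound email) never reaches customer data.
        if call.tool in SENSITIVE_TOOLS and not t.authenticated:
            return Decision(False, f"{call.tool} invoked on behalf of unauthenticated {t.channel} principal {t.principal}")
        # Rule 2: once sensitive data is in context, block egress to any external destination.
        if call.tool in EGRESS_TOOLS and self.tainted:
            dest = str(call.args.get("to") or call.args.get("url") or "")
            if not _is_internal(dest):
                return Decision(False, f"egress of CRM-tainted context via {call.tool} to external destination {dest!r}")
        return Decision(True, "policy satisfied")

    def invoke(self, call: ToolCall) -> Decision:
        decision = self.evaluate(call)
        self.audit.append((call.tool, decision.allowed, decision.reason))
        if decision.allowed and call.tool in SENSITIVE_TOOLS:
            self.tainted = True
        return decision


def run_scenario(trigger: Trigger, calls: list) -> list:
    """Run a sequence of tool calls through a fresh gate and return the allow/deny outcome per call."""
    gate = ToolGate(trigger)
    return [gate.invoke(c).allowed for c in calls]


# Constructed scenario 1: the anonymous email from the article. The injected instructions make the agent
# attempt a CRM lookup and then a reply to the sender. The lookup is denied, so the reply carries no CRM data.
ANON_EMAIL = Trigger("email", "stranger@mail.example", authenticated=False)
ANON_CALLS = [ToolCall("crm.lookup", {"account": "ACME Corp"}),
              ToolCall("email.send", {"to": "stranger@mail.example", "body": "Thanks, we will follow up."})]

# Constructed scenario 2: an authenticated employee in chat. The lookup is allowed (context is now tainted),
# an internal email is allowed, but a post to an external site is blocked as exfiltration.
STAFF_CHAT = Trigger("chat", "alice@corp.example", authenticated=True)
STAFF_CALLS = [ToolCall("crm.lookup", {"account": "ACME Corp"}),
               ToolCall("email.send", {"to": "bob@corp.example", "body": "Account summary attached."}),
               ToolCall("http.post", {"url": "https://paste.example/upload", "body": "..."})]

if __name__ == "__main__":
    for name, trig, calls in (("anonymous email", ANON_EMAIL, ANON_CALLS), ("staff chat", STAFF_CHAT, STAFF_CALLS)):
        gate = ToolGate(trig)
        for c in calls:
            gate.invoke(c)
        print(name, gate.audit)
```

The point of the design is that neither rule inspects the email text for "suspicious" instructions; content heuristics alone are unreliable against crafted injections. Instead the gate reasons about who triggered the agent, what the tool would do, and what has already flowed into the agent's context, which is the behavioral signal a runtime control can act on deterministically.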
Zenity helps organizations adopt AI securely without compromising speed, innovation, or autonomy.
Real Business Outcomes, Real Protection
Zenity and Copilot Studio enable enterprises to scale AI safely with:
- Secure AI for Every Department: Marketing, HR, finance, and operations can build agents while maintaining centralized governance and risk management.
- Full Visibility and Control: See who built each agent, what it connects to, and how it behaves, before it causes problems.
- Real-Time Threat Prevention: Detect and help prevent unauthorized data access, tool misuse, and suspicious behavior without disrupting workflows.
The Future of AI Security Is Inline
As AI agents become more autonomous, traditional perimeter and endpoint controls fall short: the attack arrives as ordinary-looking data, not as malware or a stolen credential. Zenity's integration with Copilot Studio represents a shift towards intent-aware, behavior-driven security, one that operates inline, not after the fact.
By embedding comprehensive security directly into the agent lifecycle, Zenity empowers organizations to innovate with confidence, knowing that agent actions, decisions, and tool invocations are being monitored and governed in real time. See it live for yourself!