CopilotHunter
Assess your risk from AI apps, copilots, agents, and bots
We developed CopilotHunter to identify and protect against misconfigurations in published Copilot Studio bots. This red team threat hunting tool lets you scan for Microsoft Copilot Studio bots and agents that are open for use by anyone on the public internet, posing a massive risk to any enterprise.
Here’s how it works (no credentials or access required):
1. An API call is made to an endpoint in Microsoft Copilot Studio
2. Determine which of the unique values in each bot’s URL also exist in the Copilot API subdomains
3. Fuzz (‘mix and match’) different values in the URL to get a response from the API that would indicate a bot exists
4. Deep scan to find open Copilot Studio bots based on domains or tenant IDs
If you’d like to run the scan, fill out the form on this page and we’ll send over the raw results and summary shortly!
Visualize Your Risk Today
You can also reach us anytime via hello@zenity.io