AI is now part of everyday work. With tools like Microsoft 365 Copilot built into email, documents, meetings, and collaboration, people can find information faster, summarise content quickly, and get work done with less effort. That is the upside. The challenge is that AI also changes how data is discovered and used. Instead of waiting for someone to manually search through folders or systems, AI can pull together information from across the business in seconds.
That is why AI feels different. It does not create completely new security problems on its own. What it really does is expose problems that were already there, old files, messy permissions, overshared folders, and data that should have been cleaned up years ago. AI simply makes those issues easier to find, easier to use, and in the wrong situation, easier to abuse.
AI Doesn’t Break Security Rules - It Scales Them
One of the biggest misunderstandings around AI security is thinking that AI itself is the danger. In reality, AI works with the access and data it is given. If your environment is well-governed, AI can be incredibly useful. If access is too broad or data is poorly protected, AI reflects that too.
The bigger risk is that attackers are learning how to manipulate AI systems in ways that traditional security teams are not used to. Microsoft has warned that indirect prompt injection can happen when hidden instructions are placed inside emails, files, or websites that an AI tool later reads. In that situation, the AI can end up acting on the attacker’s instructions instead of the user’s intent.
That is why secure AI adoption still comes back to the same basics: control access, protect sensitive data, and treat untrusted content carefully.
Zero Trust Still Matters for AI
The best way to think about AI security is through a Zero Trust lens.
Verify explicitly.
Know which users, apps, plug-ins, and AI tools are accessing your environment. If an organisation does not know what AI tools are in use, it cannot govern them properly.
Use least privilege.
AI should only see the data it needs, and AI agents should only be allowed to take the actions they were designed for. If an agent can read everything or do too much, the risk grows very quickly.
Assume breach.
With AI, this mindset matters even more. Every prompt should be treated as potentially unsafe; every response could expose something sensitive, and every AI-connected workflow could become a new attack path if it is not designed properly.
This is really the message behind secure AI adoption: do not treat AI as separate from security. Extend your existing security strategy to cover it.
The Risk Is Bigger Than Just the Chat Window
A lot of people think AI risk starts and ends with what a user types into a chatbot. It is much broader than that.
There are risks at the user layer, like people pasting confidential information into public AI tools. There are risks at the application layer, like prompt injection, insecure plug-ins, and data leakage. Then there are risks at the platform and model layer, including poisoned training data, exposed connectors, or weak controls around how agents interact with business systems.
That is why AI security is not just about user awareness. It is also about identity, data governance, application security, and monitoring.
Real-World Examples Show Why This Matters
This is not theoretical anymore. We already have real examples showing how AI-related security issues play out in practice.
One of the earliest examples came from Samsung. In 2023, employees pasted confidential source code and internal meeting content into ChatGPT to help with work tasks. That incident pushed Samsung to restrict generative AI use on company devices and networks while it worked on safer controls.
Another major example was EchoLeak, a Microsoft 365 Copilot vulnerability disclosed in June 2025. Researchers showed that a specially crafted email could lead Copilot to expose sensitive information from a user’s Microsoft 365 context without the user needing to click anything. Microsoft patched the issue, and reporting at the time said there was no evidence it had been exploited maliciously in the wild.
More recently, researchers disclosed a Copilot Studio prompt injection issue in 2026. In that case, a malicious payload submitted through a public-facing form could influence an agent, query connected SharePoint data and send information out through an authorized Outlook action. The important lesson was not just the bug itself; it was the fact that the agent was doing exactly what it had permission to do.
Google has also shared that indirect prompt injections are no longer just a lab exercise. In April 2026, Google said it found real prompt injection attempts on public websites, including attempts to manipulate AI systems, steal data, and interfere with AI-driven browsing. Google also reported a 32% increase in malicious examples in its scans between November 2025 and February 2026.
These examples all point to the same lesson: once AI is connected to business data, workflows, and actions, security gaps become much more visible.
Shadow AI Is Still One of the Biggest Problems
Not every AI risk looks like a sophisticated attack. Sometimes it is just employees trying to get work done faster.
People paste emails into public AI tools to rewrite them. They upload documents for summaries. They use browser extensions or unapproved AI apps without thinking too much about where the data goes. The intent is usually innocent, but the result can still be serious. Once business data leaves the Microsoft 365 environment and is placed into a public AI tool, the organisation may lose visibility and control.
That is why Shadow AI is growing so quickly. It is easy, convenient, and often invisible unless organisations actively monitor it and provide approved alternatives.
Phishing Will Only Get Smarter
Phishing has also changed. AI makes it easier for attackers to write convincing emails, mimic normal business language, and generate messages that sound much more believable than the old fake phishing emails full of spelling mistakes. The result is that phishing is not going away; it is getting more polished.
That makes identity protection even more important. If a user is tricked, controls like multifactor authentication, Conditional Access, and session protection can still help limit the damage.
The Real Lesson: Get the Basics Right First
The main takeaway is simple: AI is not something businesses should fear, but it does need to be governed properly.
If identities are well protected, permissions are clean, data is classified, and access is controlled, AI becomes a huge productivity advantage. If those basics are missing, AI can expose problems fast.
So, the conversation should not be about stopping AI. It should be about getting ready for it properly.
The organisations that will get the most value from AI are the ones that take security seriously before rolling it out at scale. In those environments, AI becomes an advantage. In messy environments, it becomes a spotlight on everything that was already wrong.
Contact our team of Security experts
The Dicker Data Microsoft team are here to help, contact us today.
References:
Samsung Bans ChatGPT, Google Bard, Other Generative AI Use by Staff After Leak - Bloomberg
EchoLeak: The First Real-World Zero-Click Prompt Injection Exploit in a Production LLM System
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway | VentureBeat
Google Online Security Blog: AI threats in the wild: The current state of prompt injections on the web
