[FORECAST] CoPhish: The Microsoft Copilot Link That Hands Over Your OAuth Tokens

Phishing isn’t “back.” It just got a Microsoft-hosted glow-up. 🤖🔑

CoPhish-style lures are so effective because the user sees:

- a legit-looking Copilot Studio agent/chat link

- a familiar OAuth consent moment

- and thinks, “Well… it’s Microsoft, so it’s fine.” 🧯

Our Forecast Card is simple: Will we get ≥1 publicly confirmed enterprise breach where a Copilot Studio (or similar chatbot-builder) link tricks a user into granting OAuth access → actual M365 data access by 12/31/2026? (We’re at 56%.)

And the real “gotcha”: most breach writeups won’t print the exact lure domain, so defenders end up arguing vibes instead of evidence.

Question for the room: do you still allow end-user OAuth consent in Entra… or did you already shut that door?
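One defender-side check that question points at, as an added example that is not part of the post or of AlphaHunt's material: triaging user-granted OAuth consents in Entra audit records for the pattern described above (a non-admin approving broad M365 scopes for an unfamiliar app). The record fields, the sample entries and the scope watchlist are assumptions, a simplified stand-in for the real audit-log schema, so map them onto your own export.

```python
"""Flag user-granted OAuth consents that look like a CoPhish-style grant.

The record shape is a constructed, simplified stand-in for Entra ID audit-log
'Consent to application' entries; field names are assumptions, not the Graph schema.
"""

# Delegated scopes that give an app broad M365 data access once a user consents.
# Constructed watchlist; tune it to your tenant's risk appetite.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
    "Files.ReadWrite.All", "Sites.Read.All", "Directory.Read.All", "offline_access",
}


def risky_consents(records):
    """Return (app, user, reasons) for each end-user consent worth a second look.

    A grant is flagged when it was approved by an individual user (not an
    admin-wide AllPrincipals grant) and either requests a high-risk scope or
    comes from a publisher that is not verified.
    """
    hits = []
    for r in records:
        if r.get("activity") != "Consent to application":
            continue
        if r.get("consent_type") == "AllPrincipals":  # admin consent, separate review path
            continue
        scopes = set(r.get("scopes", "").split())
        reasons = []
        risky = sorted(scopes & HIGH_RISK_SCOPES)
        if risky:
            reasons.append("high-risk scopes: " + ", ".join(risky))
        if not r.get("verified_publisher", False):
            reasons.append("unverified publisher")
        if reasons:
            hits.append((r["app_display_name"], r["initiated_by"], reasons))
    return hits


# Constructed sample records (not real tenant data).
SAMPLE = [
    {"activity": "Consent to application", "consent_type": "Principal",
     "initiated_by": "alice@example.test", "app_display_name": "Copilot Studio Helper (constructed)",
     "scopes": "User.Read Mail.Read offline_access", "verified_publisher": False},
    {"activity": "Consent to application", "consent_type": "Principal",
     "initiated_by": "bob@example.test", "app_display_name": "Contoso Timesheets (constructed)",
     "scopes": "User.Read openid", "verified_publisher": True},
    {"activity": "Consent to application", "consent_type": "AllPrincipals",
     "initiated_by": "admin@example.test", "app_display_name": "Corp MDM (constructed)",
     "scopes": "Mail.Read Files.Read.All", "verified_publisher": True},
]

if __name__ == "__main__":
    for app, user, reasons in risky_consents(SAMPLE):
        print(f"{user} -> {app}: {'; '.join(reasons)}")
```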

Read the Forecast Card → https://blog.alphahunt.io/forecast-cophish-the-microsoft-copilot-link-that-hands-over-your-oauth-tokens

#AlphaHunt #IdentitySecurity #OAuth #Microsoft365 #ThreatHunting

Did you learn something new?