[FORECAST] CoPhish: The Microsoft Copilot Link That Hands Over Your OAuth Tokens
![[FORECAST] CoPhish: The Microsoft Copilot Link That Hands Over Your OAuth Tokens](https://images.squarespace-cdn.com/content/v1/54bd1221e4b05e8a3646d021/1767717180408-VYZ6N0RRLK0YTQKUGL1P/z.png)
Phishing got a low-code upgrade. 🤖🔑
Copilot Studio links can look “safe” because they’re hosted where users expect… then the OAuth consent click does the rest. 🧯
We’re forecasting the first publicly confirmed Copilot Studio → OAuth → M365 data breach by 12/31/26 (56%).