Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Identifies Copilot Studio AI agents with Model Context Protocol (MCP) tools configured using maker credentials. This configuration can create security risks because the tool runs with the makers personal permissions. Any user interacting with the agent could indirectly gain access to resources the maker can access. I compromised, the agent could be used to perform actions with the makers privileges. Recommended Action: Replace maker credentials with secure alternatives like managed identities
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 7e9f6a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2b |
| Tactics | CredentialAccess, PrivilegeEscalation |
| Techniques | T1078, T1552 |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/AI%20Agents/Copilot%20Studio%20Connector/AIAgentsMCPToolMakerCredentials.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊