https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/
Something to be aware of if you work in a Microsoft shop with security requirements: Copilot on SharePoint will apparently allow ACL bypass without logging or alerting.
You can just ask it for things.
It looks like what's going on under the hood here is that Copilot introduces a new category of user account for its agents, who have expansive read permissions by default, and Copilot doesn't know how to map what the agent can read or reply with against the user's own permissions.
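As an added illustration of the failure mode the post describes (this is not code from the linked article or from Microsoft's product; the corpus, users, ACLs and helper names are all constructed for the example), the following toy shows an agent whose retrieval is authorised against its own broadly-permissioned service identity, next to the deputy pattern a defender would want: every document the agent pulls back is re-checked against the requesting user's ACL, and each allow/deny decision is written to an audit record so that over-reach is visible.

```python
"""
Added example, not part of the original post: a minimal retrieval-augmented
agent demonstrating (1) the "agent account with broad read rights" pattern,
where any user can obtain anything the agent can read, and (2) the fix, where
the agent acts as a deputy for the user and enforces the user's ACL per document.
All data below is constructed sample data; helper names are hypothetical.
"""
import json

# Constructed sample corpus: each document carries its own ACL of allowed groups.
DOCUMENTS = {
    "hr/salaries.xlsx":   {"text": "Salary bands for FY25",
                           "acl": {"hr-team"}},
    "eng/runbook.md":     {"text": "Restart the ingest service with systemctl",
                           "acl": {"engineering", "hr-team"}},
    "public/handbook.md": {"text": "Welcome to the company",
                           "acl": {"everyone"}},
}

# Constructed sample principals. The agent's service identity is a member of
# every group, which is the "expansive read permissions by default" situation.
USER_GROUPS = {
    "alice":         {"engineering", "everyone"},
    "bob":           {"hr-team", "everyone"},
    "copilot-agent": {"hr-team", "engineering", "everyone"},
}

AUDIT_LOG = []  # in-memory stand-in for an audit/SIEM sink


def _can_read(principal, doc_id):
    """True if the principal shares at least one group with the document ACL."""
    return bool(USER_GROUPS[principal] & DOCUMENTS[doc_id]["acl"])


def _search(query):
    """Trivial substring search over the corpus (a real system would use an index)."""
    q = query.lower()
    return [d for d, meta in DOCUMENTS.items() if q in meta["text"].lower()]


def answer_flawed(user, query):
    """Vulnerable pattern: retrieval is authorised against the agent's own identity.
    The requesting `user` is never consulted and nothing is logged, so whatever the
    agent can read is handed to whoever asks."""
    hits = [d for d in _search(query) if _can_read("copilot-agent", d)]
    return [DOCUMENTS[d]["text"] for d in hits]


def answer_enforced(user, query):
    """Hardened pattern: the agent is a deputy for `user`. Every retrieved document
    is re-checked against the user's ACL, and each decision is audit-logged with
    both the acting agent and the user it acted on behalf of."""
    results = []
    for doc_id in _search(query):
        allowed = _can_read(user, doc_id)
        AUDIT_LOG.append({"actor": "copilot-agent", "on_behalf_of": user,
                          "doc": doc_id, "decision": "allow" if allowed else "deny"})
        if allowed:
            results.append(DOCUMENTS[doc_id]["text"])
    return results


def denied_entries(user):
    """Audit entries where the agent was asked for something the user may not read;
    a spike here is the detection signal the post says is currently missing."""
    return [e for e in AUDIT_LOG
            if e["on_behalf_of"] == user and e["decision"] == "deny"]


if __name__ == "__main__":
    # alice is an engineer with no HR membership.
    print("flawed  :", answer_flawed("alice", "salary"))    # leaks the HR document
    print("enforced:", answer_enforced("alice", "salary"))  # returns nothing
    print(json.dumps(AUDIT_LOG, indent=1))
```

The important design point is that `answer_enforced` keys the check on `on_behalf_of`, the human user, rather than on the agent's service identity, and records a denial even though nothing was returned; the flawed version has no event to alert on at all.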