AI agents should not have hard-coded credentials in topics
Why This Matters
When AI agents contain hard-coded credentials, API keys, or secrets, those values are exposed within the agent topic definitions. This creates a security risk because anyone with access to the agent can view or extract sensitive information. Replacing these credentials with secure alternatives prevents unauthorized access and data breaches.
What Aether365 Checks
This check scans all Copilot Studio agent topics in your Microsoft 365 tenant for patterns that indicate hard-coded credentials, API keys, connection strings, or other secrets. It appears in your Aether365 dashboard under microsoft-365 checks.