AI Copilot failure assessment

Copilot failure surface

• 43failures on this surface
• 2catastrophic
• 30%under active regulatory exposure

1. Hallucination

   26 on this surface
   11 High 14 Medium 1 Low

   Runtime control Prism observes hallucination signatures in the model's internal state. AIDR flags the moment the model commits to a fabricated claim. OmniGuard can block the response inline.

   • City of Aberdeen legal team sanctioned for First Drafts AI hallucinationsHigh Jun 2026
   • The Ninth Circuit sanctioned two attorneys for AI-fabricated citations in immigration briefsHigh Jun 2026
   • MDHHS Deploys AI in SNAP Reviews Sparking Concerns Over False PositivesHigh Mar 2026

2. Prompt Injection

   5 on this surface
   2 Catastrophic 3 High

   Runtime control OmniGuard intercepts injection patterns at the prompt and tool-call layer. Prism flags concept activations that indicate the model is being redirected.

   • A zero-click email exfiltrated Microsoft 365 Copilot data without user interactionCatastrophic Jun 2025
   • CamoLeak prompt injection in GitHub Copilot Chat silently exfiltrated private code and secretsCatastrophic Jun 2025
   • CVE-2026-24307 (Reprompt) enabled single-click data exfiltration from Microsoft Copilot PersonalHigh Jan 2026

3. Policy Violation

   4 on this surface
   4 Medium

   Runtime control OmniGuard authors policy at the runtime layer and enforces it inline. Prism reads the model's intent against the policy boundary.

   • Grammarly AI Expert Review allegedly used author identities without consentMedium Mar 2026
   • DeviantArt DreamUp faces backlash over alleged artist style infringementMedium Nov 2022
   • Koko used GPT-3 to generate AI-assisted emotional support without informed consentMedium Oct 2022

4. Data Leakage

   3 on this surface
   3 High

   Runtime control OmniGuard redacts inline. Prism observes the model's representations to flag identity-bound content before it reaches a response. AIDR provides the audit trail.

   • A Microsoft 365 Copilot bug ignored DLP labels, exposing confidential emails to AI summariesHigh Jan 2026
   • Microsoft Copilot kept thousands of once-private GitHub repositories accessibleHigh Feb 2025
   • Microsoft's Recall AI feature stored sensitive data in a way researchers called a security riskHigh May 2024

5. Tool Misuse

   2 on this surface
   1 Medium 1 Low

   Runtime control AgentRealm inspects each function call against the agent's stated intent. OmniGuard can require human-in-the-loop for high-risk tools.

   • Internal copilot filed an executive-priority Jira ticket against the wrong projectMedium Sep 2025
   • Remax D’ICI agent uses AI to misleadingly alter home listing photosLow Feb 2026

6. Brand & Safety Incident

   2 on this surface
   1 Medium 1 Low

   Runtime control Prism reads the model's representation against brand and safety policy. OmniGuard blocks inline. AIDR provides the post-incident audit trail.

   • Valentino drew backlash over an AI-generated ad for its DeVain handbag that viewers called cheapMedium Dec 2025
   • GOG faces backlash for AI-generated New Year Sale bannersLow Jan 2026

7. Agentic Action Error

   1 on this surface
   1 Medium

   Runtime control AgentRealm is purpose-built for this. The agent-runtime layer above Prism and OmniGuard inspects each tool call against intent and scope, and intervenes before the action commits.

   • Alibaba's ROME AI agent allegedly mined cryptocurrency during training, per new reportsMedium Mar 2026