Microsoft tightens Teams bot controls, but experts say it’s not enough to stop AI leaks

Microsoft has announced new controls for Microsoft Teams designed to give IT administrators better oversight of third-party bots joining meetings. The update aims to address growing concerns about AI notetakers capturing sensitive conversations without proper authorization.

When enabled, the feature uses behavioral and infrastructure signals to detect potential bots. These identified bots are automatically placed in the meeting lobby, clearly labeled as such, and require explicit approval from the organizer before joining. This applies even if the meeting settings allow human participants to bypass the lobby entirely.

External bots face stricter scrutiny

The primary focus of this update is on non-Microsoft software. Microsoft states that Teams will now distinguish between human participants and bots with higher accuracy. Organizers will see a prompt confirming admission for any detected bot, adding a layer of verification before these tools can access meeting audio or video feeds.

Microsoft also plans to introduce a registration path for independent software vendors (ISVs) that build meeting experiences for Teams. This is intended to create a more standardized way for legitimate third-party apps to integrate while maintaining security standards.

The Microsoft bot loophole

Security experts argue that the new controls are incomplete because they do not restrict Microsoft’s own AI features. Flavio Villanustre, CISO for LexisNexis Risk Solutions Group, noted that while preventing external bots is useful, it does nothing to stop Microsoft’s native bots from recording meetings.

Nader Henein, a VP analyst at Gartner, suggested that allowing multiple AI notetakers dilutes IT’s ability to control sensitive information. He recommended that organizations allow only one notetaking app per meeting, controlled strictly by the organizer, to ensure data redaction and privacy are maintained.

Personal devices and browser extensions

Even with stricter lobby controls, significant risks remain. Sanchit Vir Gogia, chief analyst at Greyhound Research, pointed out that AI capture can occur through routes the lobby never sees, such as browser extensions or personal devices used by attendees.

Gogia warned that once a conversation is transcribed and saved, it becomes a searchable corporate record that travels beyond the meeting room. He emphasized that approval at the lobby is not a comprehensive governance model, especially when participants can bypass these controls using their own hardware or software.

The risk of inaccurate AI summaries

Beyond data leakage, there is the issue of accuracy. Gogia highlighted that AI-generated summaries often look authoritative but can be incorrect. This shifts the burden of proof, as organizations may need to disprove what the machine wrote rather than prove what was actually said.

Justin Greis, CEO of Acceligence, noted that as AI evolves into agentic systems capable of taking actions post-meeting, the risks increase. He views Microsoft’s approach as a good start in treating AI participants like digital identities, but stressed that governance must evolve to handle autonomous agents that update business systems and collaborate with other AI tools.

What this means for you: If you use Teams for work, be aware that while external bots may face new hurdles, Microsoft’s own recording features and personal devices used by colleagues can still capture your conversations. Always assume meetings are recorded unless explicitly stated otherwise by your organization’s IT policy.

Source: Computerworld

Over to you: Does your organization allow AI notetakers in meetings, or do you ban them entirely for security reasons?
