This session will look at how Copilots can be used as novel attack vectors to compromise user accounts for initial access and exploitation. Will demo how to subvert a Copilot into a malicious insider without access, controlling its actions and outputs and use this remote control to make Copilot spear phish, resulting in a user making badly informed decisions. All without compromising an account.