Considerations for Microsoft Copilot Studio vs. Foundry in Financial Services

Financial services organizations are increasingly turning to AI agents to drive productivity, automate workflows, and deliver an innovative edge. Within the Microsoft ecosystem, two agentic platforms, Copilot Studio and Foundry, are paving new paths for agent development and deployment. Despite their shared vision for enterprise AI, their differences have important implications for user groups, agent capabilities, and security priorities.

User Groups: Who Builds on Copilot Studio vs. Foundry?

Copilot Studio is designed for accessibility and speed. Its primary user group consists of business professionals, citizen developers, and subject-matter experts across functions like HR, customer service, and operations. With intuitive, low-code/no-code interfaces, Copilot Studio empowers these users to build conversational agents, workflow automations, and process assistants without deep technical expertise. Typical agents facilitate day-to-day business tasks, whether it be guided Q&A bots, HR request routers, or customer-facing chatbots, and deliver immediate impact to business units.

Foundry (previously known as Azure AI Foundry) is a platform suited for advanced, customizable agent development. Here, the primary users are IT teams, data scientists, professional developers, and architects with deep technical backgrounds. With Foundry, organizations can deploy complex agents capable of orchestrating AI across proprietary data sources, models, cloud services, and custom tools. The agents built in Foundry are often tailored to sophisticated requirements such as automating financial analysis, supporting regulatory compliance, integrating with core banking platforms, or enabling secure data exchange between silos. These agents are typically engineered for durability, extensibility, and compliance across mission-critical workflows.

Types of Agents Built: Business Enablement vs. Technical Automation

• Business-Facing Agents (Copilot Studio):These agents drive front-office productivity, automate repetitive tasks, and solve immediate business challenges. Line of business users can apply their hands-on knowledge to building agents on their own without needing to have coding backgrounds. Examples include digital assistants for onboarding, client interaction bots, and internal workflow managers.
• Technical or Mission-Critical Agents (Foundry): Agents in Foundry typically focus on back-office automation, complex data orchestration, risk modeling, fraud detection, and integration with legacy systems. Their development demands strong governance and robust testing, given the critical nature of financial data and compliance and do require agent-builders to have coding experience and know-how.

Shared Security Risks: The Common Ground

Regardless of platform, financial services organizations confront a core set of security risks as agent adoption grows. First, agents are being built by a growing base of business users, that is, people with varying technical backgrounds and without centralized oversight. This democratization, while beneficial to the business, also leads to shadow AI (unsanctioned agents) and inconsistent security practices. Next, any agent that proves useful becomes a prime target for attackers because it typically has access to sensitive data, high usage, and the ability to perform actions on behalf of users. Finally, agents, like humans, are unpredictable and can misinterpret instructions, answer things incorrectly, or make other mistakes, whether on purpose or inadvertently.

Without proper governance, these factors create a perfect storm for security and compliance challenges.

• Prompt injection and indirect prompt injection: Attackers may manipulate agents using crafted inputs or external content, causing unwanted behavior, data leakage, or unauthorized transactions.
• Excessive privileges and toxic combinations: Agents granted broad access across data sources and systems may inadvertently enable risky behavior, especially if business users over-provision capabilities.
• Data exfiltration and compliance violations: Sensitive financial, personal, or regulatory data may be exposed if agents lack proper boundaries or real-time enforcement during their operation.
• Blind spots in agent governance: Both platforms can enable rapid agent creation, making it difficult for security and compliance teams to maintain consistent review, monitoring, and remediation.

These risks can materialize differently depending on whether agents are built by business users (Copilot Studio) or technical teams (Foundry), yet both must be addressed with comprehensive visibility, policy enforcement, and real-time controls.

A Financial Services Perspective on Security and Governance

For CISOs, risk managers, and IT leaders in financial services, the rapid democratization of agent-building (via Copilot Studio) and the increased sophistication of technical automations (via Foundry) together create a dual challenge: securing agent development everywhere, from business-led innovation through to complex IT operations.

A proactive approach means rethinking security: not just protecting endpoints or external connections, but building governance into the agent lifecycle itself. This includes continuous discovery of agents, assessment of privilege and behavioral risk, and runtime enforcement to block unsafe actions before they occur. Security teams must foster collaboration with business units and developers to foster creativity while ensuring every agent operates within policy, regulatory, and risk boundaries.

As organizations harness the power of AI agents, the ability to unify governance and apply consistent security standards across platforms will be foundational, enabling innovation and agility, without compromising the trust that is paramount in financial services. We hope you’ll join us on December 10th, for a webinar hosted by Zenity, Microsoft, and Slalom, where we will cover the most common use cases that financial services organizations are using agents for, real examples of how to make sure agents are compliant and secure, how to implement scalable defense-in-depth, and lots more!