web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / Blocked step - openAIn...
Copilot Studio
Suggested Answer

Blocked step - openAIndirectAttack

(2) ShareShare
ReportReport
Posted on by 73
HI all,
I am not sure why the copilot studio suddenly starts to filter a lot of content due to Responsible AI restrictions.

 
 
A very simple questions like this will still lead to Responsible AI restrictions
 
I have already set the moderation to low but I am still getting the restriction error
 
 
And if I am persistence enough to ask a few more times, it will start responding.




How can the restriction be overwritten? 
Categories:
I have the same question (0)
  • Suggested answer
    11manish Profile Picture
    3,333 on at
    If the behavior started suddenly without any changes to your agent, the most likely cause is a recent update to Microsoft's Responsible AI filtering or the
     
    underlying model used by Copilot Studio.
     
    Start by reviewing conversation transcripts, testing the same prompts in a new agent, and checking for recent changes to knowledge sources or instructions.
     
    If the issue is widespread across multiple agents and environments, consider opening a Microsoft support ticket with examples of previously accepted prompts
     
    that are now being blocked, as this will help determine whether the behavior is due to a recent platform change or a configuration-specific issue.
  • Haque Profile Picture
    3,653 on at
    Hi @Bjon,
     
    Was it responding smartly earlier and then suddenly started behaving like this? What is the model you have selected GPT5 or GPT-4?
     
    If it is GPT-5, can you please downgrade to GPT-4 and give a shot?
     
     
  • Suggested answer
    Haque Profile Picture
    3,653 on at
    Hi @Bjon,
     
    This indicates that the system detected an indirect prompt attack coming from external or grounded content (for example, documents, knowledge sources, or other data the agent is using), not necessarily from the visible user prompt itself.
     
    I think this thread will help you to address the issue.
     
     
     

    I am sure some clues I tried to give. If these clues help to resolve the issue brought you by here, please don't forget to check the box Does this answer your question? At the same time, I am pretty sure you have liked the response!
  • Suggested answer
    Valantis Profile Picture
    6,735 on at
    Hi @Bjon,
     
    OpenAIndirectAttack specifically means Azure AI Content Safety's Prompt Shields detected a potential indirect prompt injection, not in the user's message, but in the content your agent retrieved from knowledge sources (SharePoint docs, websites, or other grounded data). This is different from a jailbreak filter on the user input.
     
    The reason it's intermittent (works after a few tries) is that each query retrieves slightly different chunks from the knowledge source, and only specific chunks trigger the filter.
     
    Fix: review your knowledge source content for any text that could look like instructions to the AI model. Common triggers:
    - Phrases like "ignore previous instructions", "you are now", "as an AI you must"
    - Legal disclaimers or footers that contain instruction-like language
    - Templated documents with placeholder text like "[insert content here]"
    - Documents that contain examples of prompts or AI conversations
     
    To identify which content triggers it: in the conversation transcript (Copilot Studio Analytics > Conversations), find the blocked sessions and check what knowledge chunks were cited. The retrieved chunks that trigger the filter are usually visible in the debug output.
     
    You can't fully disable the OpenAIndirectAttack filter since it's a platform-level Azure AI Content Safety control, but cleaning up the knowledge source content to remove instruction-like text is the fix.

     

    Best regards,

    Valantis

     

    ✅ If this helped solve your issue, please Accept as Solution so others can find it quickly.

    ❤️ If it didn’t fully solve it but was still useful, please click “Yes” on “Was this reply helpful?” or leave a Like :).

    🏷️ For follow-ups  @Valantis.

    📝 https://valantisond365.com/

    💼 LinkedIn

    ▶️ YouTube

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 277

#2
11manish Profile Picture

11manish 206

#3
sannavajjala87 Profile Picture

sannavajjala87 156 Super User 2026 Season 1

Last 30 days Overall leaderboard