- Microsoft is extending the distinctive Copilot design language into Edge and other services beyond the core Copilot app.
- Copilot competes closely with ChatGPT, sharing GPT-4 at its core but differing in accuracy, web access, integrations and pricing.
- New Copilot Studio "Connected Agents" capabilities raise security and governance concerns for enterprises.
- Copilot is increasingly embedded across Microsoft 365, Windows and mobile, reshaping everyday productivity workflows.
Over the last few years, Microsoft Copilot has shifted from a single chatbot into a broad AI layer that touches the company’s apps, services and even visual identity. From browser UI tweaks to enterprise automation and mobile access, Copilot is steadily becoming the default way many people interact with Microsoft’s ecosystem.
At the same time, Copilot now sits in direct competition with OpenAI’s ChatGPT, despite also relying on OpenAI’s GPT-4 model. Their capabilities overlap heavily, yet they diverge on real‑time web access, customization, integrations and security posture. And as Microsoft adds powerful features like Connected Agents in Copilot Studio, questions around governance, visibility and risk are growing just as fast as productivity claims.
Copilot’s design language starts to reshape Microsoft Edge
Microsoft is in the middle of a visible UI transition, pulling the Copilot app’s visual style directly into its Edge browser. Early Canary and Dev channel builds of Edge now sport rounded corners, updated context menus, a redesigned new tab page and a settings area that looks almost like it was lifted straight from the standalone Copilot app.
These changes don’t depend on having Copilot Mode toggled on. Even with Copilot integrations disabled, most of the refreshed interface remains in place, with the main difference occurring on the new tab page, which falls back to Bing search and MSN news modules when Copilot elements are hidden.
What makes this notable is that Copilot’s aesthetic intentionally breaks from Microsoft’s long‑used Fluent Design system. Windows 11, Xbox and Office still lean on Fluent, with its own shapes, shadows and motion. Copilot introduced a new visual language that, until recently, felt like an outlier, closer in spirit to the Pi assistant that Inflection AI was building before much of its team joined Microsoft in 2024.
By lifting that style into Edge, Microsoft is signaling that Copilot’s visual identity may be the template for future Microsoft experiences across web properties and potentially, over time, the Windows shell itself. For now, the rollout in Edge is limited to preview channels and appears to be gated server‑side, so not every tester sees it yet.
What Microsoft Copilot actually is in 2026
Behind the new branding, “Copilot” is Microsoft’s umbrella term for AI capabilities woven throughout its products. The idea is that wherever you work—whether you’re in a browser, Office document or desktop—you can call on the same assistant to help draft, summarize, analyze or create.
You can currently access Microsoft Copilot in several main ways that cover both consumer and enterprise scenarios:
- Copilot with Bing, the web-facing chat experience integrated into Bing search and Edge.
- Copilot for Microsoft 365, which injects AI into Word, Excel, PowerPoint, Outlook, Teams and other productivity apps.
- Copilot in Windows, exposed as a dedicated button and panel on Windows 11 PCs that ties into system settings, apps and the web.
Under the hood, Copilot uses OpenAI’s GPT‑4 family of models, the same generation that powers ChatGPT’s premium tiers. Microsoft’s multi‑year investment in OpenAI and close technical partnership mean that, in practice, both tools draw on similar language-model foundations, while diverging in how they’re packaged, governed and priced.
That shared lineage came into sharper focus during high‑profile leadership turbulence at OpenAI, when it briefly appeared that Sam Altman might join Microsoft before ultimately returning as OpenAI’s CEO. Despite that drama, the technical relationship between the companies has stayed intact, keeping Copilot on the same core model trajectory as ChatGPT.
Copilot vs ChatGPT: similar brains, different experiences
From a user’s perspective, Copilot and ChatGPT can feel remarkably similar: both are conversational agents, both can generate long‑form text, code, summaries and images, and both can remember context over a session. But once you look at how each one handles interface, performance, web access and extensibility, the differences become clearer.
User interface and interaction style
Microsoft positions Copilot as a more guided assistant, offering built‑in conversation styles such as “More Creative,” “More Balanced” and “More Precise”. Switching modes nudges the model toward different tones and levels of risk‑taking in its responses. Copilot also surfaces starter prompts to spark ideas and often attaches illustrative images or cards, for instance when answering weather or shopping queries.
At the end of a response, Copilot generally gives you options to like or dislike the output, copy it or export it into common formats like Word, PDF or plain text. A read‑aloud function can voice the answer in a single synthesized voice, useful for hands‑free scenarios or accessibility.
ChatGPT, by contrast, sticks to a more minimal, text‑centric interface. It does not expose named conversation styles, but it lets you define “custom instructions” that influence how the assistant behaves across chats—things like preferred writing style, level of detail or what it should know about your role. Users can likewise rate responses, regenerate them or keep specific outputs pinned for later reference.
One major structural difference is input flexibility. ChatGPT’s interface natively supports attaching files, images and documents, which can then be analyzed, summarized or used as additional context for generation. Copilot can interact with images and voice, particularly via its mobile app and Designer GPT, but is more limited when it comes to directly using arbitrary documents as first‑class inputs in the core web chat.
Performance, accuracy and real‑time information
Technically, both assistants draw on the GPT‑4 family trained on a vast number of parameters, allowing them to generalize across languages, domains and tasks. But their behavior with respect to accuracy and freshness of information diverges due to different defaults around web access.
Copilot, including its free tier, is tightly linked with Bing. Its answers routinely incorporate live search results and current data, especially for time‑sensitive prompts like weather, news or pricing. It often returns rich cards, images and cited links that signal where specific facts were sourced.
ChatGPT’s free GPT‑3.5 model, on the other hand, relies on a training snapshot that does not automatically include real‑time updates. To tap into the live web via Bing integration and get fresher information, users typically need a paid plan such as ChatGPT Plus or higher tiers. Even then, the presentation remains more text‑heavy and less card‑driven unless you explicitly ask for structured formatting.
On accuracy, users frequently report that Copilot’s real‑time grounding and explicit citations can make it easier to verify claims at a glance. ChatGPT is capable of highly detailed analysis but is also well known for occasional hallucinations and confident errors, particularly when pushed beyond its training data or when browsing is off. In both cases, independent verification is still recommended for sensitive or high‑stakes queries.
Custom GPTs and specialization
Customization is one of the clearest areas where the two ecosystems diverge. ChatGPT offers a full catalog of custom GPTs—mini assistants tuned for specific use cases, many created by third‑party users. OpenAI also maintains a set of official GPTs curated for tasks like coding help, data analysis or creative writing. There are reportedly thousands of public GPTs available, spanning everything from legal research aids to language tutors.
Microsoft has taken a narrower approach so far. Within Copilot, a small set of official “Copilot GPTs” extend the main experience, including Designer for image generation with DALL‑E 3, a vacation planner, a cooking assistant and a fitness trainer. These GPTs act more like built‑in modes rather than a vast marketplace—useful in their domains but far fewer in number than ChatGPT’s open store.
In direct testing, that difference shows up in everyday tasks. For example, when using cooking‑focused GPTs on both platforms, Copilot’s Cooking Assistant walked through multiple preference questions to narrow down recipes from a fridge photo, while ChatGPT’s Sous Chef GPT leaned toward faster, more streamlined suggestions, including a step‑by‑step recipe, an illustrative AI image and an auto‑generated grocery list.
Plugins and external integrations
Beyond GPT variants, both platforms support plugins that connect the assistant to outside services. Copilot currently exposes a small set of official plugins, such as Instacart, Kayak, Klarna, OpenTable, Shop and Suno (for converting text into AI‑generated audio). Users can typically activate up to three at once to search for travel, book dining, shop or generate music.
ChatGPT, meanwhile, has cultivated a much larger plugin ecosystem, with more than a thousand options from well‑known brands and niche providers. Popular entries include Wikipedia, Wolfram, Zapier, Expedia, recipe helpers and design tools like Canva. The platform also limits active plugins per session, but the breadth of choices far exceeds Copilot’s current catalog.
Because these plugins may be operated by third parties, there are privacy implications in both ecosystems. When a plugin is active, request data may be forwarded outside of the core AI provider, which means organizations need to be deliberate about which connectors are allowed in regulated environments.
Copilot on mobile and across devices
Both assistants extend beyond the desktop browser. Copilot has native mobile apps for Android and iOS, mirroring much of the functionality of the web version and tying more tightly into Microsoft’s ecosystem.
On Android, Copilot currently supports devices running version 11 or newer. The mobile app lets you dictate prompts using the microphone, upload or capture images for analysis or math help, and select a preferred tone of response, again echoing the “creative/balanced/precise” options. Voice output is available in a consistent voice for listening to answers.
ChatGPT’s mobile footprint is similarly broad, with apps on Android 6.0+ and iOS 16.1+. On these platforms, users can switch between GPT‑3.5 and GPT‑4 (depending on subscription), talk to a voice assistant using several distinct voices, and attach documents or photos directly from the camera or files. That file‑first design makes ChatGPT’s app particularly practical for workers who want to review long PDFs, spreadsheets or scans on the go.
As with the desktop, both mobile apps aim to compress multi‑step workflows into a single chat, though Copilot tends to lean harder into integration with Microsoft 365 data and services, while ChatGPT optimizes for model‑centric features and GPT store access.
Security spotlight: Copilot Studio and Connected Agents
As generative AI moves deeper into business processes, the security model behind tools like Copilot Studio is getting more scrutiny. One of the most recent flashpoints is the Connected Agents capability in Copilot Studio, introduced at Microsoft’s Build 2025 conference.
Connected Agents is designed to help AI agents reuse each other’s knowledge, tools and topics within the same environment, so that a specialized agent can call another for a particular task. In principle, this should reduce duplication and make complex workflows easier to assemble.
Researchers at Zenity Labs, however, have shown that this convenience can create a stealthy backdoor channel. Because Connected Agents are enabled by default on newly created agents, any agent that exposes unauthenticated tools or sensitive capabilities may also be indirectly exposed to other agents in the same tenant—potentially including malicious or poorly configured ones.
The core problem is visibility. Copilot Studio currently does not provide an easy, built‑in view of which agents are connected to which, or when one agent has invoked another. When a malicious agent calls a trusted one via the Connected Agents mechanism, the invocations typically do not appear as user messages in the target agent’s activity tab, making the activity hard to spot through normal monitoring.
How attackers can abuse Connected Agents
Zenity’s proof‑of‑concept scenarios outline how an attacker—or even a careless insider—might exploit the feature. A malicious agent can be created inside the same environment as business‑critical agents, then configured to connect to a target agent that already has high‑privilege tools or sensitive data access.
Once linked, the malicious agent can silently trigger tools exposed by the trusted agent without any visible user interaction. If that trusted agent can send emails from a corporate domain, query internal databases or perform other sensitive operations, those actions can be executed under the appearance of legitimate automation.
Because the Connected Agent calls do not surface as standard messages or prominent audit entries, traditional logging and oversight may miss this lateral movement. The result is a form of hidden delegation: one agent effectively borrows the privileges of another, but the relationship is not obvious to administrators who only look at individual agent logs.
From a security architecture standpoint, this pattern combines overly broad trust assumptions with limited transparency. All agents in an environment are implicitly treated as equally trustworthy, despite often being created by different teams, for different purposes and with different risk profiles. That makes it easier for a low‑risk prototype agent to become a pathway into sensitive workflows.
Practical risk‑reduction steps for organizations
Until Microsoft introduces more granular controls and better visibility, organizations using Copilot Studio need to treat Connected Agents with caution. Several practical steps can help reduce exposure without abandoning the feature entirely.
- Systematically audit existing Copilot Studio agents to see where Connected Agents is enabled, and evaluate what tools and data each of those agents exposes.
- Disable Connected Agents by default on agents that front high‑sensitivity operations, such as email sending, financial operations or access to confidential internal datasets.
- Enforce strong authentication at the tool level, so that even if an agent connection exists, certain actions still require explicit user credentials rather than inherited permissions.
- Restrict who can create, modify and publish agents, and separate development environments from production to limit the blast radius of experimental agents.
- Regularly review agent knowledge sources, channels and scopes to ensure they align with least‑privilege principles.
- Monitor tenant and audit logs for unusual patterns of agent activity, treating any agent with Connected Agents turned on as effectively internet‑accessible until stronger guardrails are in place.
Taken together, these measures help organizations re‑introduce boundaries and observability into an environment that can otherwise become opaque as AI agents proliferate and interconnect.
Market impact and the race with other AI assistants
Beyond specific features, both Copilot and ChatGPT are reshaping how people search, work and make decisions online. Routine research that once started with a search bar now often begins in a chat window, with the model summarizing the web and surfacing links instead of pages of blue links.
For Microsoft, Copilot’s rise has had a noticeable effect on its search footprint. Bing reportedly saw a substantial uptick in page visits after the launch of its AI chat experience, and adoption of the Bing/Copilot mobile app surged dramatically once GPT‑4‑powered features arrived. The integration with Windows and Microsoft 365 further increases exposure, effectively putting Copilot in front of hundreds of millions of potential users by default.
ChatGPT’s growth has been even more dramatic in raw user numbers. The service attracted around one million users within days of launch, far faster than early‑stage growth at major consumer platforms like Netflix, Twitter or Facebook. Those adoption curves, coupled with revenue projections into the billions, have made generative AI a central focus for both startups and incumbents.
Meanwhile, competing assistants from Meta and Google are pushing the ecosystem forward. Meta’s AI chat tools are being woven into its social platforms, and Google’s Gemini is experimenting with live, multimodal interactions that blur the line between chat, search and voice‑first assistants. These alternatives help set expectations for what an AI “copilot” should be able to handle in everyday life.
Research from institutions such as MIT suggests that AI assistants could materially reshape productivity across knowledge work, potentially changing how companies structure roles and processes. That potential upside is tempered by concerns around misuse, bias and the displacement of certain tasks, all of which continue to be debated by policymakers and practitioners.
Privacy, risk and pricing models
As organizations roll out Copilot and ChatGPT at scale, data governance and privacy are becoming as important as raw model quality. Both systems learn from user interactions in various ways, and both offer enterprise configurations designed to limit how customer data is retained or used for broader training, but the details matter.
Security analysts have pointed out that generative AI tools can be repurposed by attackers for tasks like phishing, content generation or even assisting with exploit development. Articles in venues such as Harvard Business Review have warned that hackers are already experimenting with chatbots to automate parts of their workflows, raising the stakes for robust access controls and monitoring.
From a cost perspective, both providers offer a mix of free access and paid upgrades. Copilot is available in a no‑cost tier for web and mobile, with additional capabilities and enterprise integrations delivered through Microsoft 365 licensing and dedicated Copilot subscriptions. ChatGPT likewise has a free GPT‑3.5 tier, plus paid options like ChatGPT Plus, Teams and Enterprise that unlock GPT‑4, higher usage limits and advanced features.
The perception among many users is that Copilot delivers a generous feature set in its free configuration, particularly given its use of GPT‑4, real‑time search integration and export options. ChatGPT remains attractive for power users and developers who value the GPT store, plugin ecosystem and API access, even if that often comes with a monthly fee or usage‑based pricing.
For organizations, the choice is less about a single “winner” and more about which combination of tools best fits existing infrastructure, compliance obligations and workflows. Many will end up using both, with Copilot embedded in Microsoft‑centric environments and ChatGPT or its APIs used for bespoke applications and experimentation.
Copilot’s evolution—from a Bing-branded chatbot to a design language, a productivity layer and an enterprise automation platform—illustrates how quickly AI assistants are becoming foundational rather than optional. As Microsoft weaves Copilot deeper into Edge, Windows and Microsoft 365, and as features like Connected Agents expand what AI agents can do on behalf of users, the benefits and risks are rising in tandem. Organizations and individuals that want to take advantage of these capabilities will need to pay as much attention to governance, visibility and security as they do to convenience and creativity.
