Microsoft 365 Copilot vulnerability allows attackers to exfiltrate sensitive emails through hidden instructions.
A newly discovered vulnerability in Microsoft 365 Copilot allows attackers to exfiltrate sensitive emails by embedding hidden instructions within Office documents. This indirect prompt injection enables the AI to fetch corporate emails covertly, which are then encoded and packaged as malicious diagrams. When users interact with these diagrams, the encoded data is sent to the attackers’ servers, while a fake login screen misleads users into compliance. Following responsible reporting by researchers, Microsoft has released a patch to disable hyperlinks in generated diagrams, urging users to update their systems immediately. This incident underscores the necessity for robust security measures in AI applications, highlighting potential risks in trust-based interactions between users and automated systems.