Security Vulnerability in Microsoft Copilot: AI Leaks Sensitive Data

What’s it about?

Security experts have identified a concerning vulnerability in Microsoft Copilot. Attackers can manipulate the AI software into disclosing confidential information by employing a multi-stage attack technique called Reprompt. The attack works via manipulated links that can be distributed by email or through other communication channels. In particularly critical cases, victims do not even need to click anything to have their sensitive data compromised.

Background & Context

The Reprompt technique exploits multiple vulnerabilities in Copilot’s security architecture. At its core, a malicious parameter is placed in a URL that, when accessed, sends targeted commands to the AI. Particularly problematic is the fact that Copilot apparently performs less strict security checks on repeated requests. Attackers exploit this property to gradually extract more and more information.

Researchers have also discovered a zero-click variant in which simply displaying a prepared message is sufficient to capture data. Through chained requests, attackers can continuously collect new information by building on previous AI responses. The trust many users place in AI assistants and their willingness to share sensitive information further amplifies the danger.

What does this mean?

  • Companies should immediately review what data their employees are sharing with Copilot and tighten corresponding policies
  • Security teams must pay closer attention to suspicious links and unusual Copilot requests, especially those with URL parameters
  • It is advisable to conduct training that raises employee awareness of the risks of AI-based phishing attacks
  • Access rights for AI assistants should be configured according to the principle of least privilege
  • Organizations should actively monitor developments regarding this security vulnerability and any possible patches from Microsoft
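One way to act on the second recommendation is the triage helper below, an added example that is not taken from the cited reports or from Microsoft. It scans mail or proxy-log text for links to an assistant host whose URL parameters carry sentence-like text or an embedded URL. The host list, the thresholds, the parameter name `x` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts on which your organisation reaches an AI assistant.
ASSISTANT_HOSTS = {"copilot.microsoft.com"}
MAX_VALUE_LEN = 80   # assumed threshold: longer values look like prose, not IDs
MIN_WORDS = 6        # assumed threshold for "reads like an instruction"
URL_IN_VALUE = re.compile(r"https?://", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)


def score_link(url):
    """Return the reasons a link to an assistant host looks prompt-bearing."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in ASSISTANT_HOSTS:
        return []
    reasons = []
    # parse_qsl percent-decodes values, so encoded text is inspected in clear.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if len(value) > MAX_VALUE_LEN:
            reasons.append(f"{name}: long value ({len(value)} chars)")
        if len(value.split()) >= MIN_WORDS:
            reasons.append(f"{name}: free-text value")
        if URL_IN_VALUE.search(value):
            reasons.append(f"{name}: embedded URL")
    return reasons


def scan(text):
    """Extract links from mail or proxy-log text and return the flagged ones."""
    flagged = {}
    for url in LINK.findall(text):
        reasons = score_link(url)
        if reasons:
            flagged[url] = reasons
    return flagged


# Constructed sample input (not captured traffic); "x" is a hypothetical name.
SAMPLE = """\
GET https://copilot.microsoft.com/ 200
GET https://copilot.microsoft.com/?ref=mail 200
Mail body: see https://copilot.microsoft.com/?x=placeholder%20instruction%20text%20that%20reads%20like%20a%20sentence%20https%3A%2F%2Fcollector.example%2Fin now
GET https://www.example.org/?x=a%20b%20c%20d%20e%20f%20g 200
"""

if __name__ == "__main__":
    for url, reasons in scan(SAMPLE).items():
        print(url, reasons)
```

Values that are encoded twice or hidden behind a link shortener pass this check unflagged, so treat a hit as a triage signal rather than a verdict.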

Sources

Cybercriminals get Copilot talking – tricking Microsoft’s AI (t3n)

One click and Microsoft Copilot becomes an exfiltration tool (Computerwoche)

Novel Cyber Attack Exposes Microsoft 365 Copilot (Truesec)

Microsoft Copilot: One-click vulnerability opened door to personal data (Born City)

Zero-click security vulnerability in Microsoft Copilot (Security Insider)

This article was created with AI and is based on the cited sources and the language model’s training data.
