This Microsoft Copilot vulnerability only requires a single click, and your personal data could be stolen

The Reprompt attack uses Copilot to steal victims personal information.

This Microsoft Copilot AI attack took a single click to compromise users

Varonis finds a new way to carry out prompt injection attacks ...
ZDNet

How this one-click Copilot attack bypassed security controls - and what Microsoft did about it

Dubbed "Reprompt," the attack used a URL parameter to steal user data. A single click was enough to trigger the entire attack chain. Attackers could pull sensitive Copilot data, even after the window ...