Back

Microsoft and Salesforce Address AI Agent Data Exfiltration Vulnerabilities

Severity: High (Score: 70.5)

Sources: noma.security, Csoonline, www.capsulesecurity.io, Darkreading, Venturebeat

Summary

Microsoft and Salesforce have patched serious prompt injection vulnerabilities in their AI platforms, Copilot Studio and Agentforce, respectively. Capsule Security identified these flaws, allowing attackers to exfiltrate sensitive data via crafted inputs in SharePoint and CRM forms. The Microsoft vulnerability, assigned CVE-2026-21520 with a CVSS score of 7.5, enables data extraction through malicious payloads inserted into SharePoint forms. Similarly, the Salesforce vulnerability, dubbed 'PipeLeak,' allows attackers to embed harmful instructions in public-facing lead forms. Despite the patches, the incidents highlight ongoing challenges with prompt injection vulnerabilities in large language models. Capsule's findings suggest that traditional security measures are inadequate for protecting AI agents. Organizations using these platforms are advised to review their configurations and implement additional security measures. Key Points: • Microsoft and Salesforce patched critical prompt injection vulnerabilities in their AI systems. • CVE-2026-21520 allows data exfiltration from Microsoft Copilot via SharePoint forms. • Salesforce's 'PipeLeak' vulnerability enables data extraction through compromised lead forms.

Key Entities

  • Data Breach (attack_type)
  • Data Exfiltration (attack_type)
  • Capsule Security (company)
  • Microsoft (company)
  • Noma Labs (company)
  • Nvidia (company)
  • Salesforce (company)
  • CVE-2025-32711 (cve)
  • CVE-2026-21520 (cve)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1567.002 - Exfiltration to Cloud Storage (mitre_attack)
  • Agentforce (platform)
  • ClawGuard (platform)
  • Copilot Studio (platform)
  • M365 Copilot (platform)
  • Microsoft Copilot (platform)
  • Claude Code (tool)
  • Microsoft Teams (tool)
  • Nvidia NemoClaw (tool)
  • Email Tool (tool)
  • Agent Goal Hijack (vulnerability)
  • EchoLeak (vulnerability)
  • ForcedLeak (vulnerability)
  • PipeLeak (vulnerability)
  • ShareLeak (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed