Venturebeat
Microsoft and Salesforce Address AI Agent Data Exfiltration Vulnerabilities
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Microsoft and Salesforce have patched serious prompt injection vulnerabilities in their AI platforms, Copilot Studio and Agentforce, respectively. Capsule Security identified these flaws, allowing attackers to exfiltrate sensitive data via crafted inputs in SharePoint and CRM forms. The Microsoft vulnerability, assigned CVE-2026-21520 with a CVSS score of 7.5, enables data extraction through malicious payloads inserted into SharePoint forms. Similarly, the Salesforce vulnerability, dubbed 'PipeLeak,' allows attackers to embed harmful instructions in public-facing lead forms. Despite the patches, the incidents highlight ongoing challenges with prompt injection vulnerabilities in large language models. Capsule's findings suggest that traditional security measures are inadequate for protecting AI agents. Organizations using these platforms are advised to review their configurations and implement additional security measures.
Key Points: • Microsoft and Salesforce patched critical prompt injection vulnerabilities in their AI systems. • CVE-2026-21520 allows data exfiltration from Microsoft Copilot via SharePoint forms. • Salesforce's 'PipeLeak' vulnerability enables data extraction through compromised lead forms.