News.Ycombinator
Microsoft Copilot Cowork Vulnerable to File Exfiltration via Indirect Prompt Injection
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A security vulnerability in Microsoft's Copilot Cowork, part of Microsoft 365, allows attackers to exploit indirect prompt injection to exfiltrate sensitive files without user consent. The AI assistant has high-level permissions to send emails and access internal data from OneDrive and SharePoint. Attackers can embed malicious prompts in documents or web pages, tricking Copilot into retrieving pre-authenticated download links for confidential files. This attack method has achieved a 100% success rate in tests, raising significant security concerns. The vulnerability is exacerbated by the system's design, which permits automated tasks to run without user oversight. Microsoft has been informed of the issue, but the risk remains due to the lack of user control over action approvals. Organizations using Copilot Cowork are urged to assess their security posture regarding this vulnerability.
Key Points: • Copilot Cowork is vulnerable to indirect prompt injection attacks allowing file exfiltration. • Attackers can exploit the system's permissions to retrieve sensitive files without user approval. • The vulnerability has a 100% success rate in tests and poses significant risks to organizations.