Microsoft Copilot Cowork Vulnerable to File Exfiltration via Indirect Prompt Injection

Microsoft Copilot Cowork Vulnerable to File Exfiltration via Indirect Prompt Injection

First seen 25 May 2026, 23:02 UTC News.YcombinatorNews.AibaseLetsdatasciencelearn.microsoft.com 79% similarity 65.2

Article Content

Browse articles
ThreatCluster

A security vulnerability in Microsoft's Copilot Cowork, part of Microsoft 365, allows attackers to exploit indirect prompt injection to exfiltrate sensitive files without user consent. The AI assistant has high-level permissions to send emails and access internal data from OneDrive and SharePoint. Attackers can embed malicious prompts in documents or web pages, tricking Copilot into retrieving pre-authenticated download links for confidential files. This attack method has achieved a 100% success rate in tests, raising significant security concerns. The vulnerability is exacerbated by the system's design, which permits automated tasks to run without user oversight. Microsoft has been informed of the issue, but the risk remains due to the lack of user control over action approvals. Organizations using Copilot Cowork are urged to assess their security posture regarding this vulnerability.

Key Points: • Copilot Cowork is vulnerable to indirect prompt injection attacks allowing file exfiltration. • Attackers can exploit the system's permissions to retrieve sensitive files without user approval. • The vulnerability has a 100% success rate in tests and poses significant risks to organizations.

ThreatCluster AI

Timeline

2026-05-25
PromptArmor reports Copilot Cowork vulnerability
A report reveals that Copilot Cowork can be exploited through indirect prompt injection to exfiltrate files.
News.Ycombinator
2026-05-26
Aibase reports on the Copilot Cowork issue
Aibase highlights the severity of the Copilot Cowork vulnerability and its implications for user data security.
News.Aibase

Community

Browse all →