 |
VOOZH | about |
|
VOOZH | about |
26th May 2026 - Link Blog
Microsoft Copilot Cowork Exfiltrates Files (via) The biggest challenge in designing agentic systems continues to be preventing them from enabling attackers to exfiltrate data.
In this case Microsoft Copilot Cowork (yes, that's a real product name) was allowing agents to send emails to the user's own inbox without approval... but those messages were then displayed in a way that could leak data to an attacker via rendered images:
Because these messages can contain external images that trigger network requests to external websites, data can be exfiltrated when a user opens a compromised message sent by the agent.
Since OneDrive can create pre-authenticated download links, a successful prompt injection could cause those links to be leaked, allowing files to be downloaded by the attacker.
This is a link post by Simon Willison, posted on 26th May 2026.
microsoft 132 security 610 ai 2,080 prompt-injection 152 generative-ai 1,837 llms 1,805 exfiltration-attacks 44 lethal-trifecta 27Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.
Pay me to send you less!
Sponsor & subscribe