GEEK HAUS
2026/05/25/researchers-show-microsoft-copilot-cowork-can

Researchers show Microsoft Copilot Cowork can leak Microsoft 365 files through indirect prompt injection and auto-approved messages

Source: promptarmor.com

EDITOR BRIEF

Security researchers say Microsoft Copilot Cowork can be manipulated via indirect prompt injection in a poisoned skill to exfiltrate files from a Microsoft 365 tenant. The attack abuses the agent’s delegated permissions and the fact that some email and Teams message actions can proceed without human approval; those messages then trigger attacker-controlled network requests when opened.

CONTEXT

The finding highlights a broader enterprise risk: agentic tools that span mail, chat, files, and identity systems can turn benign integrations into data exfiltration paths. As workplace AI agents gain more autonomy, vendors may need stricter action approvals, sandboxing, and egress controls rather than relying on model behavior alone.
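
One way to apply the stricter action approvals mentioned above, as an added example that is not code from the researchers or from Microsoft: a gate that holds an agent-drafted message for human approval whenever its HTML references a host outside a tenant allowlist. The allowlist, the function names and the sample messages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed tenant policy (constructed values): hosts that message content may reference.
ALLOWED_HOSTS = {"contoso.sharepoint.com", "teams.microsoft.com"}

# Tag/attribute pairs that fetch or link to a remote resource when a message is opened or clicked.
URL_ATTRS = {("img", "src"), ("a", "href"), ("link", "href"), ("iframe", "src")}


class _UrlCollector(HTMLParser):
    """Collects (tag, url) pairs from attributes listed in URL_ATTRS."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in URL_ATTRS and value:
                self.urls.append((tag, value))


def review_agent_message(html_body, allowed_hosts=ALLOWED_HOSTS):
    """Return (decision, findings) for a message an agent wants to send.

    The decision is "auto_send" only when every embedded URL is http(s) and
    targets an allowed host exactly; anything else fails closed to
    "needs_approval" so a human reviews the message before it leaves.
    """
    collector = _UrlCollector()
    collector.feed(html_body)
    findings = []
    for tag, url in collector.urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme not in ("http", "https") or host not in allowed_hosts:
            findings.append({"tag": tag, "host": host})
    return ("needs_approval" if findings else "auto_send"), findings


# Constructed sample messages (not taken from the research).
BENIGN = '<p>Notes: <a href="https://contoso.sharepoint.com/sites/hr/notes.docx">doc</a></p>'
SUSPECT = '<p>Summary attached.</p><img src="https://collector.example/p.png">'

if __name__ == "__main__":
    for body in (BENIGN, SUSPECT):
        print(review_agent_message(body))
```

Exact host matching is deliberate: a lookalike such as `contoso.sharepoint.com.collector.example` does not pass as an allowed host.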

ARTICLE

Microsoft Copilot Cowork Exfiltrates Files
