{"data":{"id":"d9e83354-a3f2-4f1b-aa4e-81068574fd39","title":"Microsoft Copilot Cowork Exfiltrates Files","summary":"Microsoft Copilot Cowork had a security flaw in which its agents (automated systems that perform tasks) could send emails to users without approval, and those emails could contain external images. Loading an external image makes a request to a remote server, so any data carried in the image URL leaks when the email is opened. An attacker could use prompt injection (tricking the AI by hiding instructions in its input) to make the agent create download links to files on OneDrive, allowing the attacker to steal those files.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://simonwillison.net/2026/May/26/copilot-cowork-exfiltrates-files/#atom-everything","publishedAt":"2026-05-26T15:36:48.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Copilot Cowork","OneDrive"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-26T15:36:48.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}