Microsoft 365 Copilot Generated Images Accessible Without Authentication -- Fixed!
infonewsLLM-Specific
security
Source: Embrace The RedJanuary 2, 2025
Summary
Microsoft 365 Copilot (a generative AI assistant built into Microsoft 365) had a security issue where generated images could be accessed without authentication (meaning anyone could view them without logging in). The issue has been fixed. The article also mentions that system prompts (the hidden instructions that guide an AI's behavior) for this tool have been updated over time, including changes to how it accesses enterprise search features.
Classification
Attack SophisticationModerate
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Affected Vendors
Microsoft
Related Issues
Original source: https://embracethered.com/blog/posts/2025/m365-copilot-image-generation-without-authentication/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 75%