Microsoft Copilot Cowork Exfiltrates Files
Summary
Microsoft Copilot Cowork had a security flaw where its agents (automated systems that perform tasks) could send emails to users without approval, and these emails could contain external images that leak data when opened. An attacker could use prompt injection (tricking the AI by hiding instructions in its input) to make the agent create download links to files on OneDrive, allowing the attacker to steal those files.
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
Original source: https://simonwillison.net/2026/May/26/copilot-cowork-exfiltrates-files/#atom-everything
First tracked: May 26, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%