Microsoft Patched Flaw Allowing Attackers to Hijack Copilot Responses. A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability. The zero-click prompt injection attack vulnerability received a CVSS severity score of 9.3.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/copilot-ai-bug-could-leak-sensitive-data-via-email-prompts-a-28713
