Researchers Discover Single-Click Attack Turning Microsoft Copilot Into Data Exfiltration Tool

Researchers from Varonis have identified an attack named Reprompt that exploits Microsoft Copilot via a malicious link. With a single click, the AI assistant executes hidden instructions embedded in the URL (parameter injection), bypasses its security protections (guardrail bypass), and transmits sensitive data to external servers. The attack also employs persistent control to maintain communication with the attacker even after the tab is closed. Microsoft has acknowledged the vulnerability, specifying that enterprise M365 Copilot customers were not affected by this specific attack vector.