New "Reprompt" Attack Stealthily Extracts Microsoft Copilot User Data

Cybersecurity researchers from Varonis have identified a new attack called Reprompt, which enables the exfiltration of user data from Microsoft Copilot via a simple malicious link. This attack bypasses large language model (LLM) data leak protections and allows persistent data exfiltration, even after Copilot is closed. It leverages a Parameter 2 Prompt (P2P) injection, a double-query technique, and a query chain to continuously and undetectably extract data. The exploit relies on the ‘q’ parameter in URLs, activated as soon as the user clicks the link.