Johann Rehberger's research revealed that Microsoft Copilot was vulnerable to a chain of attacks, beginning with prompt injection, allowing data theft and exploitation.
Rehberger identified the exploit's first stage as a phishing email containing a malicious document, which triggered prompt injection, letting Copilot execute unauthorized actions.
Microsoft acknowledged Rehberger's findings and stated they implemented various changes to fortify Copilot against similar attacks but were vague about the specific mitigations.
The exploit involved using a Word document that instructed Copilot to become a 'scammer', enabling unauthorized access and interaction with sensitive client emails.
[
Collection
]
[
|
...
]