Researchers from Varonis discovered a flaw in Microsoft’s Copilot AI that allowed attackers to steal sensitive user data with a single click. By embedding malicious instructions in a legitimate URL, they extracted information like user names and locations without needing further user interaction. The exploit bypassed standard security measures.

Microsoft’s Copilot for M365 has a significant vulnerability that allows users to access files without leaving an audit log entry, posing serious security and compliance risks. Despite fixing the issue, Microsoft has chosen not to inform customers or disclose the vulnerability publicly, raising concerns about their transparency and responsibility regarding security practices. The article details the author’s frustrating experience reporting the vulnerability and highlights the implications for organizations relying on accurate audit logs.

A vulnerability in GitHub Copilot Chat, discovered by Legit Security, allowed the leakage of sensitive data such as AWS keys and zero-day bugs from private repositories. By exploiting hidden comments and remote prompt injection, attackers could control Copilot's responses and exfiltrate sensitive information from users. GitHub has since addressed the issue by blocking the method used for data leakage.

A recently discovered zero-click vulnerability in Microsoft 365 Copilot could potentially expose sensitive user data without any interaction required from the user. This flaw highlights significant security concerns regarding AI integration in enterprise services, prompting calls for immediate remediation measures from Microsoft.