Microsoft announced new features at Ignite 2025, focusing on Azure Copilot, which automates cloud management tasks like migration and optimization. The updates also highlight advancements in Azure's AI infrastructure, enhancing performance and scalability across services.

Researchers from Varonis discovered a flaw in Microsoft’s Copilot AI that allowed attackers to steal sensitive user data with a single click. By embedding malicious instructions in a legitimate URL, they extracted information like user names and locations without needing further user interaction. The exploit bypassed standard security measures.

Microsoft’s Copilot for M365 has a significant vulnerability that allows users to access files without leaving an audit log entry, posing serious security and compliance risks. Despite fixing the issue, Microsoft has chosen not to inform customers or disclose the vulnerability publicly, raising concerns about their transparency and responsibility regarding security practices. The article details the author’s frustrating experience reporting the vulnerability and highlights the implications for organizations relying on accurate audit logs.

The article discusses how GitHub leveraged Copilot to enhance their secret protection engineering efforts, resulting in significant efficiency improvements. By integrating AI-driven tools, the team was able to accelerate their workflows and improve code security practices. This initiative illustrates the potential of AI in streamlining complex engineering tasks.

The article discusses the process of rooting the Copilot application, detailing the methods and techniques used to bypass its security measures. It provides insights into the vulnerabilities exploited and the implications for software security practices. The findings highlight the importance of robust security measures in application development.