The article discusses a security vulnerability in Microsoft 365 Copilot that allows arbitrary data exfiltration through specially crafted Mermaid diagrams. By exploiting an indirect prompt injection, attackers can prompt M365 Copilot to fetch sensitive tenant data, which is then encoded and sent to an attacker's server via a deceptive diagram resembling a login button.