Microsoft Copilot Cowork vulnerability enables file exfiltration via prompt injection

Simon Willison's Weblog

Prompt injection in Microsoft Copilot Cowork allows agents to send emails with external images that trigger network requests, exfiltrating data when opened. OneDrive pre-authenticated download links can also be leaked, enabling file theft.

MicrosoftCopilotPrompt engineering

Simon Willison's Weblog·Simon Willison

May 26, 3:36 PM