Microsoft Copilot Cowork Vulnerability Enables File Exfiltration via Indirect Prompt Injection
By Kneenex
Summary
This article demonstrates a security vulnerability in Microsoft Copilot Cowork, a Microsoft 365 feature. Through indirect prompt injection in a poisoned skill, attackers can exploit the fact that sending emails and Teams messages to the active user does not require human approval, allowing them to exfiltrate files from Microsoft 365. The attack achieved a high success rate against state-of-the-art models including Claude Opus 4.7.
Key quotes
This attack achieved a high success rate against state-of-the-art models, including Claude Opus 4.7.
In this article, we demonstrate that through an indirect prompt injection in a poisoned skill, attackers can exfiltrate files from M365.
This is done by exploiting the fact that, unlike other sensitive actions, sending emails and Teams messages to the active user does not require human approval.