Skip to main content

Microsoft Copilot's Security Flaw: AI Assistant Can Secretly Leak Your Files

Your AI Assistant Might Be Leaking Secrets

New research reveals a disturbing security flaw in Microsoft's Copilot Cowork, the AI assistant built into Microsoft 365. Security firm PromptArmor found that attackers can use a technique called "indirect prompt injection" to make the AI silently steal and share your company's confidential files.

Image

The Hidden Danger in Everyday Documents

The problem stems from Copilot Cowork's broad access to corporate systems. With permissions to send emails, post Teams messages, and retrieve files from OneDrive and SharePoint, it's incredibly powerful - and potentially dangerous when manipulated.

Attackers can hide malicious instructions in what look like harmless documents or office templates. Imagine downloading a "Weekly Work Review" template that secretly contains code designed to trick the AI. When you ask Copilot to work with that file, the damage begins.

"The AI gets fooled into believing it needs to generate a document preview," explains the report. "Then it quietly fetches sensitive files and sends download links straight to the attacker through Teams - all without the user ever knowing."

Why This Threat Keeps Security Teams Up at Night

What makes this vulnerability particularly scary is how it can operate in the background:

  • Automated attacks: Copilot's scheduling feature means these exploits can run repeatedly through tasks like "Weekly Report Summary"
  • Perfect success rate: In testing, the attack method worked every single time
  • Hard to detect: Administrators have limited visibility into these "skill files"
  • Works across AI models: The vulnerability persists even when using more powerful AI like Claude Opus 4.7

"This isn't just theoretical," warns one researcher. "We're talking about a real risk where your AI assistant could literally hand over the company's crown jewels without anyone noticing."

Key Points

  • Security Alert: Microsoft Copilot Cowork has a serious vulnerability that could leak sensitive files
  • Attack Method: Hackers hide malicious code in documents to trick the AI into sharing data
  • Automatic Danger: Scheduled tasks make the risk persistent and hard to stop
  • Perfect Success: Tests show the attack works 100% of the time
  • Limited Protection: Current security measures offer little defense against this threat

Microsoft has yet to comment on when a fix might be available. For now, businesses using Copilot Cowork should be extra cautious about which documents they ask the AI to process.