A single click mounted a covert, multistage attack against Copilot

Source: Ars Technica

TL;DR (AI Generated)

Microsoft fixed a vulnerability in its Copilot AI assistant that allowed white-hat researchers from Varonis to execute a covert, multistage attack by tricking users into clicking a malicious link. The attack extracted sensitive user data from Copilot chat history, even after the chat was closed, bypassing security controls and evading detection by endpoint protection apps. It used a Varonis-controlled domain and a detailed prompt embedded in a URL parameter to extract a user secret and further details from the target. Microsoft has since addressed the vulnerability to prevent such attacks in the future.