Microsoft Copilot Cowork Exfiltrates Files
A critical security flaw in Microsoft Copilot Cowork allows attackers to use prompt injection to trick the AI agent into exfiltrating sensitive files like OneDrive data using the user's own permissions.
Simon Willison · May 26, 2026