Thomas Trutschel / Contributor via Photothek / Getty Images
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
Dubbed "Reprompt," the attack used a URL parameter to steal user data.
A single click was enough to trigger the entire attack chain.
Attackers could pull sensitive Copilot data, even after the window closed.
Researchers have revealed a new attack that requires only one click to execute, bypassing Microsoft Copilot security controls and enabling the theft of user data.
Also: How to remove Copilot AI from Windows 11 today
Meet Reprompt
On Wednesday, Varonis Threat Labs published new research documenting Reprompt, a new attack method that impacts Microsoft's Copilot AI assistant.
... continue reading