Tech News
← Back to articles

How this one-click Copilot attack bypassed security controls - and what Microsoft did about it

2026-01-15 | original
read original related products more articles

Ernesto r. Ageitos/Moment/Getty Images

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

Dubbed "Reprompt," the attack used a URL parameter to steal user data.

A single click was enough to trigger the entire attack chain.

Attackers could pull sensitive Copilot data, even after the window closed.

Researchers have revealed a new attack that required only one click to execute, bypassing Microsoft Copilot security controls and enabling the theft of user data.

Also: How to remove Copilot AI from Windows 11 today

Meet Reprompt

On Wednesday, Varonis Threat Labs published new research documenting Reprompt, a new attack method that affected Microsoft's Copilot AI assistant.

... continue reading

Related:
Update your headphones: Fast Pair vulnerability could let attackers track your location
Your smart home has too many apps - this new framework wants to fix that
Microsoft is closing its employee library and cutting back on subscriptions
Microsoft begins testing Windows 11 26H1 as it retools the OS for next-gen chips
Microsoft taps India’s Varaha for durable carbon removal offtake

© 2026 GoKawiil