Microsoft Copilot just exfiltrated a company's files. The attack was one email. Here's the mechanism.

Microsoft Copilot just got tricked into exfiltrating a company's files by a single email — and the bug isn't really Microsoft's. It's the default behavior of every LLM-with-tools shipped in 2026. Here's the exact attack chain, plus the four mitigations that actually cut the risk in your own AI features.

martedì 26 maggio 2026 New tab

A penetration tester sent a single email to a company. No malware. No link to click. No user mistake. Just an email that sat in the inbox.

A week later, that company's confidential files had been quietly streamed to an attacker-controlled server — by their own Microsoft Copilot.

The employee did nothing. The IT team detected nothing. And the worst part is the attack wasn't novel. It's the same class of bug that's been hitting every AI integration shipped in the last 18 months, and almost nobody building AI features has fixed it in their own products.

If you've added "Ask AI about this document" or "summarize this email" to anything you ship, this is the post you need to read before Monday.

What actually happened

A penetration tester sent a single email to a company. No malware. No link to click. No user mistake. Just an email that sat in the inbox.

A week later, that company's confidential files had been quietly streamed to an attacker-controlled server — by their own Microsoft Copilot.

If you've added "Ask AI about this document" or "summarize this email" to anything you ship, this is the post you need to read before Monday.

What actually happened

Microsoft Copilot just exfiltrated a company's files. The attack was one email. Here's the mechanism.

Microsoft Copilot just exfiltrated a company's files. The attack was one email. Here's the mechanism.

Other newsrooms on this story

Related reading

Microsoft Copilot Chat error sees confidential emails exposed to AI tool

'CopyFail' attackers start cashing in on Linux flaw

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub…

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Warning Issued As Hackers Give Microsoft Windows The Finger: Report

Microsoft Phone Link abused to steal SMS OTPs from enterprise PCs

Other newsrooms on this story

Related reading

Microsoft Copilot Chat error sees confidential emails exposed to AI tool

'CopyFail' attackers start cashing in on Linux flaw

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub…

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Warning Issued As Hackers Give Microsoft Windows The Finger: Report

Microsoft Phone Link abused to steal SMS OTPs from enterprise PCs