HomeMicrosoft Copilot Vulnerable to Indirect Prompt Injection, Hidden Report Reveals
Safety research firm PromptArmor recently published a report highlighting a serious security flaw in Microsoft's AI agent service Copilot Cowork, which is part of Microsoft 365. Attackers can use a method known as "indirect prompt injection" to quietly steal and leak confidential files from an organization's internal cloud storage without user consent.
Malicious Instructions Concealed in Office Templates
As an integrated AI assistant, Cowork has broad permissions to send emails, post messages in Teams, and access internal data from OneDrive and SharePoint. However, researchers have discovered that attackers can embed harmful instructions within web pages, documents, or seemingly routine office automation templates, such as a "Weekly Work Review," to trick the AI agent into executing them.
When a user asks Cowork to handle a file that contains these malicious prompts, the AI agent is deceived into falsely claiming it needs to generate a document preview. Then it automatically retrieves pre-authenticated download links for sensitive files and sends those links back to the attacker through Teams messages—all carried out in the background, making it extremely hard for users to notice.
Scheduled Tasks Amplify Risk and Are Hard to Block
The report notes that because Copilot Cowork can perform tasks on a scheduled basis, this significantly increases the security danger. For instance, recurring automated tasks like "Weekly Report Summary," which run periodically, can repeatedly trigger and execute the attack chain in the background—even when the user is away from their screen and not actively using the system.
In security tests, this attack method achieved a 100% success rate across five trials. Worse still, administrators have limited ability to monitor or control such "skill files," and the vulnerability is not only effective in automatic mode but also remains exploitable when explicitly calling more powerful large models like Claude Opus 4.7.
Related article
Lei Jun confirms Xiaomi's desktop AI agent MiClaw in development, MiMo-V2-Pro launches across all platforms
At the 2026 China Development High-level Forum, Xiaomi Group's Lei Jun confirmed that the long-awaited desktop version of the AI agent "MiClaw" (crab) is now on the development roadmap. Xiaomi had already launched a limited closed beta for the mobile
OpenAI Restarts Robot Business, Automan Seeks Engineers for Infrastructure R&D
On June 1st, OpenAI CEO Sam Altman announced on social media that the company is re-entering the robotics field, releasing job openings for the OpenAI Robotics team. The company is hiring full-stack hardware, operations, systems, and machine learning
Bain forecasts US$100 billion SaaS market in agentic AI automation
Bain & Company has estimated a $100 billion market in the U.S. for SaaS companies leveraging agentic AI. The firm said this market stems from automating coordination tasks within enterprise systems.This estimate comes from the second installment in B
Related Special Topic Recommendations
code
Best AI Code Reviewers: Automate Clean Code Compliance & Refactor Legacy Repo Files
Discover the 2026 best AI code reviewers on XIX.AI. Our curated list features top-rated, game-changing tools for automating clean code compliance and refactoring legacy repo files. Compare free vs paid options with real-world tests and weekly updated rankings. Unlock your AI edge today.
10 tools
xix.ai
Text-to-speech
Top AI TTS Apps for Dyslexia: Support Learning and Reading Efficiency for Students
Discover the 2026 latest top-rated AI TTS apps curated for dyslexia support. Our expert rankings compare free vs paid tools, highlighting powerful features for enhanced reading efficiency and learning. Explore must-try, game-changing solutions to unlock student potential. Start your journey at XIX.AI.
10 tools
xix.ai
Comic Creation
Top AI Generators for Shonen Manga: Create High-Octane Action Sequences & Energy Effects
Discover the 2026 best AI generators for Shonen manga at XIX.AI. Our top-rated, curated list features powerful tools for creating high-octane action sequences and dynamic energy effects. Compare free vs paid options with real-world tests. Unlock your creative potential and start crafting epic manga today!
15 tools
xix.ai
Business
Best AI Expense Trackers: Scan Receipts & Categorize Corporate Spend Automatically
2026 Latest Best AI Expense Trackers: Top-rated tools to scan receipts & categorize corporate spend automatically. Discover powerful, game-changing solutions for effortless expense management, accurate financial tracking, and streamlined compliance. Our curated, weekly-updated comparison of free vs paid options helps you find the perfect fit. Unlock your AI edge with XIX.AI's expert picks.
10 tools
xix.ai
Business
Best AI Recruiting Tools: Screen Resumes & Automate Candidate Interview Scheduling
Discover the 2026 latest top-rated AI recruiting tools on XIX.AI. Our curated list features powerful, game-changing solutions for screening resumes and automating candidate interview scheduling. Compare free vs paid options with real-world tests and weekly updated rankings. Find your perfect hiring assistant and streamline your recruitment today!
10 tools
xix.ai
Productivity
AI Personal Wellness & Focus Coaches: Manage Burnout & Boost Mental Energy Levels
Discover the 2026 best AI personal wellness and focus coaches on XIX.AI. Our curated rankings feature top-rated, game-changing tools to manage burnout and boost mental energy. Compare free vs paid options with real-world insights. Unlock your path to peak productivity and well-being today.
10 tools
xix.ai
Comments (0)
0/500
Safety research firm PromptArmor recently published a report highlighting a serious security flaw in Microsoft's AI agent service Copilot Cowork, which is part of Microsoft 365. Attackers can use a method known as "indirect prompt injection" to quietly steal and leak confidential files from an organization's internal cloud storage without user consent.
Malicious Instructions Concealed in Office Templates
As an integrated AI assistant, Cowork has broad permissions to send emails, post messages in Teams, and access internal data from OneDrive and SharePoint. However, researchers have discovered that attackers can embed harmful instructions within web pages, documents, or seemingly routine office automation templates, such as a "Weekly Work Review," to trick the AI agent into executing them.
When a user asks Cowork to handle a file that contains these malicious prompts, the AI agent is deceived into falsely claiming it needs to generate a document preview. Then it automatically retrieves pre-authenticated download links for sensitive files and sends those links back to the attacker through Teams messages—all carried out in the background, making it extremely hard for users to notice.
Scheduled Tasks Amplify Risk and Are Hard to Block
The report notes that because Copilot Cowork can perform tasks on a scheduled basis, this significantly increases the security danger. For instance, recurring automated tasks like "Weekly Report Summary," which run periodically, can repeatedly trigger and execute the attack chain in the background—even when the user is away from their screen and not actively using the system.
In security tests, this attack method achieved a 100% success rate across five trials. Worse still, administrators have limited ability to monitor or control such "skill files," and the vulnerability is not only effective in automatic mode but also remains exploitable when explicitly calling more powerful large models like Claude Opus 4.7.
Lei Jun confirms Xiaomi's desktop AI agent MiClaw in development, MiMo-V2-Pro launches across all platforms
At the 2026 China Development High-level Forum, Xiaomi Group's Lei Jun confirmed that the long-awaited desktop version of the AI agent "MiClaw" (crab) is now on the development roadmap. Xiaomi had already launched a limited closed beta for the mobile
OpenAI Restarts Robot Business, Automan Seeks Engineers for Infrastructure R&D
On June 1st, OpenAI CEO Sam Altman announced on social media that the company is re-entering the robotics field, releasing job openings for the OpenAI Robotics team. The company is hiring full-stack hardware, operations, systems, and machine learning
Bain forecasts US$100 billion SaaS market in agentic AI automation
Bain & Company has estimated a $100 billion market in the U.S. for SaaS companies leveraging agentic AI. The firm said this market stems from automating coordination tasks within enterprise systems.This estimate comes from the second installment in B
Discover the 2026 best AI code reviewers on XIX.AI. Our curated list features top-rated, game-changing tools for automating clean code compliance and refactoring legacy repo files. Compare free vs paid options with real-world tests and weekly updated rankings. Unlock your AI edge today.
10 tools
xix.ai
Discover the 2026 latest top-rated AI TTS apps curated for dyslexia support. Our expert rankings compare free vs paid tools, highlighting powerful features for enhanced reading efficiency and learning. Explore must-try, game-changing solutions to unlock student potential. Start your journey at XIX.AI.
10 tools
xix.ai
Discover the 2026 best AI generators for Shonen manga at XIX.AI. Our top-rated, curated list features powerful tools for creating high-octane action sequences and dynamic energy effects. Compare free vs paid options with real-world tests. Unlock your creative potential and start crafting epic manga today!
15 tools
xix.ai
2026 Latest Best AI Expense Trackers: Top-rated tools to scan receipts & categorize corporate spend automatically. Discover powerful, game-changing solutions for effortless expense management, accurate financial tracking, and streamlined compliance. Our curated, weekly-updated comparison of free vs paid options helps you find the perfect fit. Unlock your AI edge with XIX.AI's expert picks.
10 tools
xix.ai
Discover the 2026 latest top-rated AI recruiting tools on XIX.AI. Our curated list features powerful, game-changing solutions for screening resumes and automating candidate interview scheduling. Compare free vs paid options with real-world tests and weekly updated rankings. Find your perfect hiring assistant and streamline your recruitment today!
10 tools
xix.ai
Discover the 2026 best AI personal wellness and focus coaches on XIX.AI. Our curated rankings feature top-rated, game-changing tools to manage burnout and boost mental energy. Compare free vs paid options with real-world insights. Unlock your path to peak productivity and well-being today.
10 tools
xix.ai
