Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.
Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was deployed on January 15. Public disclosure went live on Wednesday.That CVE matters less for what it fixes and more for what it signals. Capsule’s research calls Microsoft’s decision to assign a CVE to a prompt injection vulnerability in an agentic platform “highly unusual.” Microsoft previously assigned CVE-2025-32711 (CVSS 9.3) to EchoLeak, a prompt injection in M365 Copilot patched in June 2025, but that targeted a productivity assistant, not an agent-building platform. If the precedent extends to agentic systems broadly, every enterprise running agents inherits a new vulnerability c [...]
Rating
Innovation
Pricing
Technology
Usability
We have discovered similar tools to what you are looking for. Check out our suggestions for similar AI tools.
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Securit [...]
Microsoft launches 'Hey Copilot' voice assistant and autonomous agents for all Windows 11 PCs
Microsoft is fundamentally reimagining how people interact with their computers, announcing Thursday a sweeping transformation of Windows 11 that brings voice-activated AI assistants, autonomous softw [...]
Microsoft announces Copilot Cowork with help from Anthropic — a cloud-powered AI agent that works across M365 apps
If you thought Anthropic was about to run away with the enterprise AI business...you're not totally off the mark, actually.This morning, Microsoft announced "Copilot Cowork" a new cloud [...]
Microsoft says ungoverned AI agents could become corporate 'double agents.' Its fix costs $99 a month.
Microsoft today announced the general availability of Agent 365 and Microsoft 365 Enterprise 7, two products designed to bring security and governance to the rapidly growing population of AI agents op [...]
Microsoft’s Copilot can now build apps and automate your job — here’s how it works
Microsoft is launching a significant expansion of its Copilot AI assistant on Tuesday, introducing tools that let employees build applications, automate workflows, and create specialized AI agents usi [...]
Microsoft Copilot gets 12 big updates for fall, including new AI assistant character Mico
Microsoft today held a live announcement event online for its Copilot AI digital assistant, with Mustafa Suleyman, CEO of Microsoft's AI division, and other presenters unveiling a new generation [...]
Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.
On March 30, BeyondTrust proved that a crafted GitHub branch name could steal Codex’s OAuth token in cleartext. OpenAI classified it Critical P1. Two days later, Anthropic’s Claude Code source cod [...]
Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat
Microsoft last week took Agent 365, its management platform for AI agents, out of preview and into general availability — a move that signals the software giant believes the governance challenge aro [...]