Microsoft Patches Copilot Vulnerability as Hackers Eye to Exploit With New “Reprompt” Attack

News
Rishaj Upadhyay
Rishaj Upadhyay Shield
News Editor
News
Reading time icon 2 min. read

Calendar icon Published on

Blog_VTL-Reprompt_202512_FNL

A newly discovered attack, called Reprompt, has raised eyebrows of security researchers and fueled concerns around AI security. Security researchers at Varonis Threat Labs have uncovered how Microsoft Copilot could be exploited to silently extract personal data with just a single click (via Bleeping Computer). The details are chilling, to say the least.

Per the detailed report, attackers could bypass Copilot’s built-in safety controls and access sensitive user information without any visible warning. The fact that how little interaction is required makes it even more concerning. Victims only need to click on a genuine Microsoft Copilot link.

According to the researchers, Reprompt abuses how Copilot processes prompts passed through URLs. By injecting hidden instructions into a link, attackers could trigger Copilot to run commands automatically using an already active session. The scariest part is that even after closing the Copilot chat doesn’t stop the attack. The data extraction continues quietly in the background.

Blog_VTL-Reprompt_Diagram_202601_V3
Image credit: Varonis Threat Labs

What makes Reprompt different from earlier AI vulnerabilities is its stealth nature. Commands are delivered dynamically from an external server after the first click, making it nearly impossible to see what information is being accessed. The attack can gradually pull data such as recent file activity, location details, personal plans, and even conversation history.

The security firm also highlighted a vulnerability where Copilot’s safeguards only apply to the first request. By instructing the AI to repeat actions, attackers were able to bypass protections and leak information on subsequent attempts. This allowed data to be extracted step by step, forming an ongoing chain that adapts based on previous responses.

Thankfully, Microsoft has since confirmed that the issue has been patched. The company says Copilot Personal users are now protected, and enterprise customers using Microsoft 365 Copilot were not affected by the vulnerability.

Article feature image: Varonis Threat Labs

More about the topics: AI, Copilot, Cybersecurity

Rishaj Upadhyay

Rishaj Upadhyay Shield

News Editor

Rishaj is a tech writer who has been writing professionally for over four years, with a passion for Android, Windows, and all things tech. He initially joined Windows Report as a tech journalist and is now taking over as a news editor. When he's not breaking the keyboard, you can find him cooking, or listening to music/podcasts.

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

User forum

0 messages