Security Flaw in Microsoft Copilot Enterprise Let Attackers Run Code, Now Patched
The findings will be shared at the BlackHat USA 25 event next month
Microsoft’s enterprise AI applications are expanding rapidly, but a recent discovery shows that security may not be keeping pace. In April, Dutch cybersecurity company Eye Security discovered a critical vulnerability in Copilot Enterprise.
The flaw was reportedly found when the security team was assessing Microsoft’s AI features. During the assessment, they discovered a way to execute commands at the system level, which stemmed from a security risk in the platform’s live Python sandbox (specifically in Jupyter Notebooks).
With the right command, attackers could quietly run code in the background. A vulnerability that grants system-level access is a major risk for any enterprise platform. However, Microsoft rated the vulnerability a “medium” risk and did not offer a bug bounty.
The researchers were able to leverage a commonly used tool, pgrep, to trigger the exploit. That this worked at all was a security risk, and the access did not stop there. Eye Security’s team also accessed Microsoft’s Responsible AI Operations panel, which is intended for oversight and compliance in the Copilot systems.
The analysis also suggested broader issues related to Microsoft’s fast-expanding AI stack. As the rollout of AI-enabled tools accelerates, established security practices have not caught up. Additionally, there have been recent intrusions attributed to state actors in Russia and China.
Eye Security plans to break down the vulnerability in detail at BlackHat USA 25 next month. Their session, titled “Consent & Compromise,” is scheduled for August 7 at 1:30 PM in Las Vegas.