Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data #438

@Happy-pixel-26

Varonis Threat Labs discovered a way to bypass Copilot’s safety controls, steal users’ darkest secrets, and evade detection.

Varonis Threat Labs uncovered a new attack flow, dubbed Reprompt, that gives threat actors an invisible entry point to perform a data‑exfiltration chain that bypasses enterprise security controls entirely and accesses sensitive data without detection — all from one click.

First discovered in Microsoft Copilot Personal, Reprompt is important for multiple reasons:

  • Only a single click on a legitimate Microsoft link is required to compromise victims. No plugins, no user interaction with Copilot.
  • The attacker maintains control even when the Copilot chat is closed, allowing the victim's session to be silently exfiltrated with no interaction beyond that first click.
  • The attack bypasses Copilot's built-in mechanisms that were designed to prevent this.
  • All commands are delivered from the server after the initial prompt, making it impossible to determine what data is being exfiltrated just by inspecting the starting prompt. Client-side tools can't detect data exfiltration as a result.
  • The attacker can ask for a wide array of information such as "Summarize all of the files that the user accessed today," "Where does the user live?" or "What vacations does he have planned?"
  • Reprompt is fundamentally different from AI vulnerabilities such as EchoLeak, in that it requires no user input prompts, installed plugins, or enabled connectors.
  • Microsoft has confirmed the issue has been patched as of today's date, helping prevent future exploitation and emphasizing the need for continuous cybersecurity vigilance. Enterprise customers using Microsoft 365 Copilot are not affected.

Continue reading for an exclusive look at how Reprompt works in Microsoft Copilot and recommendations on staying safe from emerging AI-related threats.

Read it here: https://www.varonis.com/blog/reprompt


Labels: addition (New security issue or vulnerability)
