Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
Dark Reading

Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data

Researchers have exploited a vulnerability in Microsoft's Copilot Studio tool allowing them to make external HTTP requests that can access sensitive information regarding internal services within a ...
Virtualization Review

Hands On: Getting Started with Microsoft Copilot Studio Agents

Microsoft Copilot Studio made it easy to create a first agent from a plain-language description, but SharePoint-backed knowledge required extra connection setup. A SharePoint-hosted Excel workbook did ...