Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
TechRadar

Microsoft patches critical security bug in Copilot Studio that could have leaked private data

Microsoft Copilot Studio had a security issues which could have allowed threat actors to exfiltrate sensitive data from vulnerable endpoints, experts have warned. Cybersecurity researcher Evan Grant ...
Virtualization Review

Hands On: Getting Started with Microsoft Copilot Studio Agents

Microsoft Copilot Studio made it easy to create a first agent from a plain-language description, but SharePoint-backed knowledge required extra connection setup. A SharePoint-hosted Excel workbook did ...