Microsoft Copilot Cowork Vulnerability — PromptArmor Discloses File-Exfiltration Path Through Agent-Generated Email

Summary

PromptArmor disclosed a data-exfiltration vulnerability in Microsoft Copilot Cowork — a Microsoft 365 product where agents can collaborate on documents and email — on May 26. The attack chain has two parts. First, an agent can be induced to send an unapproved message into a user's inbox. Second, because that message is rendered in the user's mail client with external image references, simply opening the message triggers a network request that exfiltrates data. PromptArmor also showed that prompt