Microsoft addresses single-click security flaw in Copilot that had the potential to compromise data.

Quick Overview

• Microsoft has addressed a significant vulnerability in Copilot AI referred to as Reprompt.
• This defect enabled attackers to extract user data through a single-click prompt injection.
• The vulnerability was uncovered by Varonis and subsequently reported to Microsoft.
• The exploit had the potential to access data including file access history and conversation memory.
• Users are advised to be vigilant with links that direct to AI tools and prefilled prompts.

Comprehending the Copilot Vulnerability

Recently, Microsoft’s Copilot, an AI-based assistant, was discovered to possess a critical security weakness dubbed Reprompt. This flaw was detected by the data security company Varonis and has since been corrected by Microsoft. The defect permitted potential attackers to extract sensitive user information via a specifically designed single-click prompt injection.

Mechanism of the Reprompt Exploit

Reprompt enabled attackers to deceive users into clicking a link that seemed authentic but redirected to Microsoft’s Copilot through a web browser. This link contained a specially formatted ?q= parameter with a pre-filled AI prompt, referred to as Parameter 2 Prompt (P2P) injection. After the user’s authenticated Copilot session loaded, the AI would start communicating with a server controlled by the attacker, allowing data extraction such as conversation history, location details, file access history, and more.

Implications of the Attack

Once initiated, the attack could remain effective even if the user closed the Copilot chat window, as the session-level context was leveraged. The attack could bypass detection by client-side tools, since the payload was sent through later AI responses. Varonis noted that no additional user actions or plugins were necessary after the initial click, and there was no restriction on the types of data that could be extracted.

Prevention and User Advice

Although no Common Vulnerabilities and Exposures (CVE) index number has been assigned to Reprompt, and there haven’t been any exploit reports, Varonis recommends that users stay cautious. This includes examining links, particularly those that open AI tools or prefilled prompts, and being cautious about AI requests for personal details. Users should terminate sessions and report any unusual activities promptly.

Recap

Microsoft has promptly addressed a critical security vulnerability in its Copilot AI, which could have enabled attackers to access sensitive user information via a single-click exploit. The flaw, identified by Varonis and termed Reprompt, underscores the importance of being alert when engaging with AI tools. Users are advised to be mindful of links and prefilled prompts to safeguard their online security.

Q: What is the Reprompt vulnerability?

A: The Reprompt vulnerability exists within Microsoft’s Copilot AI, allowing attackers to extract user data through a single-click prompt injection.

Q: How does the Reprompt exploit function?

A: The exploit works by deceiving users into clicking a link with a specially designed parameter that establishes communication between Copilot and a server controlled by an attacker.

Q: What type of data could this vulnerability compromise?

A: Information potentially at risk includes file access history, location, conversation memory, the user’s name, and events recorded in the Copilot chat history.

Q: What measures can users take to safeguard themselves?

A: Users should be cautious with links, particularly those directing to AI tools, and verify that prefilled prompts look trustworthy. They should also be cautious of AI requests for personal information.

Q: Has the Reprompt vulnerability been exploited publicly?

A: Currently, there are no indications of the Reprompt vulnerability being exploited, and it has not been assigned a CVE index number.

• Category: Australia Tech News