{“lastseen”:”2026-01-15T14:36:26″,”description”:”Researchers found a method to steal data which bypasses Microsoft Copilot’s built-in safety mechanisms. ****\\n\\nThe attack flow, called **Reprompt** , abuses how Microsoft Copilot handled URL parameters in order to hijack a user\u2019s existing Copilot Personal session.\\n\\nCopilot is an AI assistant which connects to a personal account and is integrated into Windows, the Edge browser, and various consumer applications.\\n\\nThe issue was fixed in Microsoft\u2019s January Patch Tuesday update, and there is no evidence of in\u2011the\u2011wild exploitation so far. Still, it once again shows how risky it can be to trust AI assistants at this point in time.\\n\\nReprompt hides a malicious prompt in the q parameter of an otherwise legitimate Copilot URL. When the page loads, Copilot auto\u2011executes that prompt, allowing an attacker to run actions in the victim\u2019s authenticated session after just a single click on a phishing link.\\n\\nIn other words, attackers can hide secret instructions inside the web address of a Copilot link, in a place most users never look. Copilot then runs those hidden instructions as if the users had typed them themselves.\\n\\nBecause Copilot accepts prompts via a **q** URL parameter and executes them automatically, a phishing email can lure a user into clicking a legitimate-looking Copilot link while silently injecting attacker-controlled instructions into a live Copilot session.\\n\\nWhat makes Reprompt stand out from other, similar prompt injection attacks is that it requires no user-entered prompts, no installed plugins, and no enabled connectors.\\n\\nThe basis of the Reprompt attack is amazingly simple. Although Copilot enforces safeguards to prevent direct data leaks, these protections only apply to the initial request. The attackers were able to bypass these guardrails by simply instructing Copilot to repeat each action twice.\\n\\nWorking from there, the researchers noted:\\n\\n\\u003e \u201cOnce the first prompt is executed, the attacker\u2019s server issues follow\u2011up instructions based on prior responses and forms an ongoing chain of requests. This approach hides the real intent from both the user and client-side monitoring tools, making detection extremely difficult.\u201d\\n\\n## How to stay safe\\n\\nYou can stay safe from the Reprompt attack specifically by installing the January 2026 Patch Tuesday updates.\\n\\nIf available, use Microsoft 365 Copilot for work data, as it benefits from Purview auditing, tenant\u2011level data loss prevention (DLP), and admin restrictions that were not available to Copilot Personal in the research case. DLP rules look for sensitive data such as credit card numbers, ID numbers, health data, and can block, warn, or log when someone tries to send or store it in risky ways (email, OneDrive, Teams, Power Platform connectors, and more).\\n\\nDon’t click on unsolicited links before verifying with the (trusted) source whether they are safe.\\n\\nReportedly, Microsoft is testing a new policy that allows IT administrators to uninstall the AI-powered Copilot digital assistant on managed devices.\\n\\nMalwarebytes users can disable Copilot for their personal machines under **Tools \\u003e Privacy, **where you can toggle **Disable Windows Copilot** to on (blue).\\n\\n\\n\\nIn general, be aware that using AI assistants still pose privacy risks. As long as there are ways for assistants to automatically ingest untrusted input\u2014such as URL parameters, page text, metadata, and comments\u2014and merge it into hidden system prompts or instructions without strong separation or filtering, users remain at risk of leaking private information. \\n\\nSo when using any AI assistant that can be driven via links, browser automation, or external content, it is reasonable to assume \u201cReprompt\u2011style\u201d issues are at least possible and should be taken into consideration.\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2026-01-15T13:16:57″,”modified”:”2026-01-15T13:16:57″,”type”:”malwarebytes”,”title”:”\\u0026#8220;Reprompt\\u0026#8221; attack lets attackers steal data from Microsoft Copilot”,”source”:””,”references”:””,”id”:”MALWAREBYTES:343D010EA86234D12B7C14AB001130DD”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/01\/reprompt-attack-lets-attackers-steal-data-from-microsoft-copilot”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-15T14:36:26″,”description”:”Researchers found a method to steal data which bypasses Microsoft Copilot’s built-in safety mechanisms. ****\\n\\nThe attack flow, called **Reprompt** , abuses how Microsoft Copilot handled…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-35830","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n