Microsoft Copilot Cowork Exfiltrates Files

simonwillison.net·May 26, 2026

Microsoft's Copilot Cowork has been found to allow users to send emails to their own inboxes without approval. This poses a security risk because these messages could leak data through external images, potentially enabling attackers to exfiltrate files via pre-authenticated download links.

The key takeaway is the security risk highlighted by the recent issue with Microsoft Copilot Cowork: agent-driven email actions could lead to data exfiltration via external images in emails. This underscores the importance of robust security measures in agentic AI systems to prevent unauthorized data leaks, particularly where prompt injection vulnerabilities are involved.
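One way to close the gap described above is to keep self-addressed agent mail under approval whenever its HTML body would make the mail client fetch something remote. The following is an added example, not code from the original post or from Microsoft; the pre-send hook, the names `RemoteRefFinder` and `outbound_decision`, and the sample bodies are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes whose URL a mail client may fetch as soon as the message renders.
FETCH_ATTRS = {"src", "srcset", "background", "poster"}


class RemoteRefFinder(HTMLParser):
    """Collect (tag, url) pairs that would trigger a network fetch on render."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if name == "style" and "url(" in value.lower():
                # Conservative: any CSS url() is treated as remote.
                self.refs.append((tag, "css-url"))
            elif name in FETCH_ATTRS:
                # srcset is a comma-separated list of "url descriptor" entries.
                entries = value.split(",") if name == "srcset" else [value]
                for entry in entries:
                    tokens = entry.split()
                    # cid: and data: URLs have no network location and pass.
                    if tokens and urlsplit(tokens[0]).netloc:
                        self.refs.append((tag, tokens[0]))


def outbound_decision(html_body, allowed_hosts=frozenset()):
    """Hypothetical pre-send hook: ("send", []) or ("hold_for_approval", refs)."""
    finder = RemoteRefFinder()
    finder.feed(html_body)
    finder.close()
    held = [(tag, url) for tag, url in finder.refs
            if url == "css-url" or urlsplit(url).hostname not in allowed_hosts]
    return ("hold_for_approval", held) if held else ("send", [])


# Constructed sample bodies (not taken from the incident).
SAFE = '<p>Summary attached.</p><img src="cid:logo@local">'
LEAKY = ('<p>Summary</p><img src="https://collector.example/p.png">'
         '<td background="//cdn.example/bg.gif"></td>')

if __name__ == "__main__":
    print(outbound_decision(SAFE))
    print(outbound_decision(LEAKY, allowed_hosts={"cdn.example"}))
```

The check treats the recipient as irrelevant: a message to the user's own inbox is held exactly like one to an outside address if rendering it would contact a host outside the allowlist.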
