Back to news
Large Language Models
Jun 16, 2026

Microsoft Addresses Critical Vulnerability in M365 Copilot AI Platform

Jun 16, 2026
AI Summary

Microsoft has patched a critical vulnerability in its M365 Copilot AI platform that allowed hackers to access two-factor authentication (2FA) codes and other sensitive information. The exploit took advantage of the AI's inability to differentiate between legitimate user instructions and malicious content, raising concerns about data security in AI systems.

Microsoft Addresses Critical Vulnerability in M365 Copilot AI Platform
  • Microsoft identified and patched a critical vulnerability in its M365 Copilot AI platform last Tuesday.
  • Researchers revealed that the vulnerability could be exploited to retrieve 2FA codes and sensitive data from emails accessed by Copilot.
  • The issue stems from AI models' inability to distinguish between user commands and malicious instructions embedded in third-party content.
  • Hackers circumvented built-in guardrails by using markup language and HTML tags to exfiltrate data, allowing sensitive information to be sent to their servers.
llm securityvulnerability2fahackersexploit