How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot

Varonis found a “Reprompt” attack that let a single link hijack Microsoft Copilot Personal sessions and exfiltrate data; Microsoft patched it in January 2026.
SecurityWeek

New ‘Reprompt’ Attack Silently Siphons Microsoft Copilot Data

The Reprompt Copilot attack bypassed the LLMs data leak protections, leading to stealth information exfiltration after the ...

Reprompt attack hijacked Microsoft Copilot sessions for data theft

Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data.

Your Copilot data can be hijacked with a single click - here's how

ZDNET's key takeaways Dubbed "Reprompt," the attack used a URL parameter to steal user data.A single click was enough to ...

One click is all it takes: How ‘Reprompt’ turned Microsoft Copilot into a data exfiltration tool

A new one-click attack flow discovered by Varonis Threat Labs researchers underscores this fact. ‘Reprompt,’ as they’ve ...
Cybernews

How a single click can trick Microsoft Copilot into leaking your personal data

A cyber security researcher has uncovered a single click attack that could trick Microsoft’s consumer focused AI assistant ...

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data ...

Microsoft patches single-click Copilot data stealing attack

The first Patch Tuesday (Wednesday in the Antipodes) for the year included a fix for a single-click prompt injection attack ...
NewsBytes

New cyberattack can steal your data from Microsoft Copilot

Researchers have unveiled 'Reprompt', a novel attack method that bypasses Microsoft's Copilot AI assistant security controls, enabling data theft through a single user click.