Microsoft Copilot Cowork Exfiltrates Files

Simon Willison

The biggest challenge in designing agentic systems continues to be preventing them from enabling attackers to exfiltrate data. In this case Microsoft Copilot Cowork (yes, that's a real product name) was allowing agents to send emails to the user's own inbox without approval... but those messages were then displayed in a way that could leak data to an attacker via rendered images: Because these messages can contain external images that trigger network re...

