Varonis Discovers Reprompt Exploit That Steals Data in Microsoft Copilot

Published on January 15, 2026 | Translated from Spanish
Conceptual illustration of a cyber attack where malicious code lines interact with the Microsoft Copilot logo, representing the extraction of personal data.

Varonis Discovers Reprompt Exploit that Steals Data in Microsoft Copilot

A team of researchers from Varonis Threat Labs has revealed the details of a new attack technique, called Reprompt. This method exploits a weakness in the Microsoft Copilot AI assistant, allowing malicious actors to obtain users' confidential information during their interaction with the system. The discovery highlights the security challenges in conversational artificial intelligence platforms. 🚨

Reprompt Attack Mechanics

The Reprompt exploit works by injecting commands and instructions designed to deceive the language model that powers Copilot. Attackers manage to make the assistant bypass its internal security protocols and reveal data it should protect. The process takes advantage of how the system processes and prioritizes prompts within the flow of a conversation.

Key characteristics of the vulnerability:
  • Manipulates system instructions to bypass safeguards.
  • Extracts personal and sensitive information directly from the assistant's responses.
  • Exploits conversation dynamics to make Copilot execute dangerous commands.
It seems that even the most advanced AIs can have a bad day and confess more than they should when asked the right way.

Microsoft's Response and Measures

After receiving the report from Varonis, Microsoft acted quickly to fix this flaw in its Copilot service. The company implemented corrective measures that strengthen the assistant's restrictions, preventing it from executing the malicious commands associated with the Reprompt exploit.

Actions taken after the discovery:
  • Implement security patches to strengthen model restrictions.
  • Review and adjust how Copilot handles complex user prompts.
  • Continuously audit security to prevent similar attack vectors.

Reflection on AI Security

This incident underscores the persistent risks that emerge when integrating AI assistants into everyday and productive digital environments. It demonstrates that a model's ability to follow instructions can become an attack vector if not audited and protected constantly. The need to develop and maintain robust defense mechanisms in these technologies is more critical than ever. 🔒