How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot

Varonis found a “Reprompt” attack that let a single link hijack Microsoft Copilot Personal sessions and exfiltrate data; Microsoft patched it in January 2026.

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data ...

How a simple link allowed hackers to bypass Copilot's security guardrails - and what Microsoft did about it

Reprompt impacted Microsoft Copilot Personal and, according to the team, gave "threat actors an invisible entry point to perform a data‑exfiltration chain that bypasses enterprise security controls ...

Reprompt attack hijacked Microsoft Copilot sessions for data theft

Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data.