Microsoft patched a critical vulnerability in its M365 Copilot platform last Tuesday after researchers revealed an exploit that allowed attackers to extract two-factor authentication codes. The flaw enabled malicious actors to trick the AI system into summarising sensitive emails containing security tokens, effectively bypassing standard safety protocols.
This incident highlights a fundamental limitation in how large language models process third-party content. Current architectures struggle to distinguish between legitimate user instructions and malicious prompts hidden within the data the AI is analysing. Consequently, security teams must rely on complex, often ad hoc guardrails to mitigate risks that the underlying technology cannot inherently prevent.
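One ad hoc guardrail of the kind described above, as an added example (not Microsoft's fix and not code from the original article): one-time codes are withheld from email text before a summariser sees it, and any response that still carries a withheld code is blocked. The function names, keyword list, window size and sample email are assumptions constructed for illustration.

```python
import re

# Assumed heuristics: a 6-8 digit number is treated as a one-time code when one
# of these words appears shortly before it.
CONTEXT = re.compile(r"\b(?:verification|security|one[- ]time|sign[- ]?in|login|2fa|otp)\b", re.I)
CODE = re.compile(r"\b\d{6,8}\b")
WINDOW = 40  # characters of preceding text searched for a context word

def find_codes(text):
    """Return the digit strings in untrusted content that look like one-time codes."""
    codes = set()
    for m in CODE.finditer(text):
        before = text[max(0, m.start() - WINDOW):m.start()]
        if CONTEXT.search(before):
            codes.add(m.group())
    return codes

def redact_for_model(body):
    """Input side: withhold one-time codes before the email reaches the model."""
    codes = find_codes(body)
    redacted = body
    for code in codes:
        redacted = redacted.replace(code, "[REDACTED-CODE]")
    return redacted, codes

def release_output(model_output, withheld):
    """Output side: refuse to release text that still carries a withheld code.

    Separators are stripped first so '482-913' or '482 913' is still caught.
    This fails closed: unrelated digits that happen to join up are also blocked.
    """
    squeezed = re.sub(r"[\s\-.]", "", model_output)
    leaked = {code for code in withheld if code in squeezed}
    return (not leaked), leaked

# Constructed sample email, not taken from the incident.
SAMPLE_EMAIL = (
    "Subject: Your sign-in request\n"
    "Your verification code is 482913. It expires in 10 minutes.\n"
    "Order 20240117 has shipped.\n"
)

if __name__ == "__main__":
    safe_body, withheld = redact_for_model(SAMPLE_EMAIL)
    print(safe_body)
    print(release_output("The code is 482-913.", withheld))
```

Pattern matching like this only narrows the exposure; it does not give the model any ability to tell instructions from data, which is the limitation the paragraph above describes.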
* The vulnerability demonstrated how attackers can bypass form submission limits by embedding sensitive data within HTML tags like `` or `




