Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot
August 27, 2024 at 02:27AM A now-patched vulnerability in Microsoft 365 Copilot allowed for theft of sensitive user information using ASCII smuggling. Attack methods included prompting injection, data exfiltration via hidden links, and exploiting AI tools. Microsoft addressed the issue after responsible disclosure in January 2024, yet risks in AI tools persist, emphasizing the need … Read more