VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
Dark Reading

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

One aspect of the "AI revolution" keeping security professionals up at night is the continued prevalence of prompt injection attacks that enable exfiltration of sensitive data — even against dominant ...