At the recent Black Hat USA conference, security researcher Michael Bargury unveiled alarming vulnerabilities within Microsoft Copilot, demonstrating how hackers can potentially exploit this AI-powered tool for malicious purposes.
This revelation underscores the urgent need for organizations to reassess their security measures when using AI technologies like Microsoft Copilot.
Bargury’s presentation highlighted several methods through which attackers could leverage Microsoft Copilot to execute cyberattacks. One of the key revelations was the use of Copilot plugins to install backdoors in other users’ interactions, thereby facilitating data theft and enabling AI-driven social engineering attacks.
By leveraging Copilot’s capabilities, hackers can covertly search for and extract sensitive data, bypassing traditional security measures that focus on file and data protection.
This is achieved by altering Copilot’s behavior through prompt injections, which changes the AI’s responses to suit the hacker’s objectives.
The research team demonstrated how Copilot, designed to streamline tasks by integrating with Microsoft 365 applications, can be manipulated by hackers to perform malicious activities.
By leveraging Copilot’s capabilities, hackers can covertly search for and extract sensitive data, bypassing traditional security measures that focus on file and data protection. This is achieved by altering Copilot’s behavior through prompt injections, a technique that changes the AI’s responses to suit the hacker’s objectives.
Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access
One of the most alarming aspects of this exploit is its potential to facilitate AI-based social engineering attacks. Hackers can use Copilot to craft convincing phishing emails or manipulate interactions to deceive users into revealing confidential information.
This capability underscores the need for robust security measures to counteract the sophisticated methods employed by cybercriminals.
To demonstrate these vulnerabilities, Bargury introduced a red-teaming tool named “LOLCopilot.” This tool is designed for ethical hackers to simulate attacks and understand the potential threats posed by Copilot.
LOLCopilot operates within any Microsoft 365 Copilot-enabled tenant using default configurations, allowing ethical hackers to explore how Copilot can be misused for data exfiltration and phishing attacks without leaving traces in system logs.
The demonstration at Black Hat revealed that Microsoft Copilot’s default security settings are insufficient to prevent such exploits. The tool’s ability to access and process large amounts of data poses a significant risk, particularly if permissions are not carefully managed.
Organizations are advised to implement robust security practices, such as regular security assessments, multi-factor authentication, and strict role-based access controls, to mitigate these risks.
Moreover, it is crucial for organizations to educate their employees about the potential risks associated with AI tools like Copilot and to establish comprehensive incident response protocols.
By enhancing security measures and fostering a culture of security awareness, companies can better protect themselves against the exploitation of AI technologies.
Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation…
A sophisticated malware campaign targeting WordPress sites has emerged, utilizing PHP variable functions and cookie-based…
An international ecosystem of sophisticated scam operations has emerged, targeting vulnerable populations through impersonation tactics…
TransparentTribe, a Pakistani-nexus intrusion set active since at least 2013, has intensified its cyber espionage…
As the festive season approaches, organizations are witnessing a disturbing increase in targeted attacks on…
The cybersecurity landscape experienced a significant shift in July 2025 when threat actors associated with…