The attack begins when a user asks M365 Copilot to summarize a maliciously crafted Excel spreadsheet. Hidden instructions, embedded in white text across multiple sheets, use progressive task modification and nested commands to hijack the AI’s behavior.
These indirect prompts override the summarization task, directing Copilot to invoke its search_enterprise_emails tool to retrieve recent corporate emails. The fetched content is then hex-encoded and fragmented into short lines to bypass Mermaid’s character limits.
https://cybersecuritynews.com/copilo...lnerability-2/
Sent from my SM-S931B using Tapatalk