Microsoft Copilot Studio Patch Can't Stop Data Leaks
Microsoft patched CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability in Copilot Studio discovered by Capsule Security; the fix was deployed January 15. The CVE is notable for being assigned to an agent-building platform rather than just a productivity tool, signaling a new vulnerability class that enterprises must track.
Capsule also found PipeLeak, a parallel vulnerability in Salesforce Agentforce, which highlights a broader problem: prompt injection in agentic systems cannot be fully eliminated through patches alone, and data exfiltration remains possible even after the fixes are applied.
