Microsoft Copilot vulnerable to single-click Reprompt theft

Researchers disclosed a new “Reprompt” attack on January 14, 2026 that enables single-click exfiltration of sensitive user data from Microsoft Copilot Personal. Varonis published the technical write-up and proof-of-concept, and media outlets including Ars Technica, Windows Central, TechRepublic and Malwarebytes reported the issue. A crafted URL triggers a covert, multistage chain of follow-up prompts ("reprompts") that leads Copilot to disclose data from the active session and context, bypassing built-in safeguards. Varonis provides step-by-step reproduction and a proof-of-concept showing data disclosure after one click. Attackers can weaponize links to harvest Copilot session and contextual data from affected users. Security teams should treat unsolicited Copilot links as high risk, audit Copilot Personal and browser link-handling policies, block or sandbox untrusted links, and monitor for exfiltration patterns while awaiting vendor guidance. Follow vendor advisories and apply mitigations published by Microsoft and incident responders.

Why It Matters

• A single click can expose Copilot Personal session and context data—treat unsolicited Copilot links like suspicious attachments or phishing URLs.
• Audit Copilot settings and browser link-handling policies; disable auto-open behaviors, block or sandbox untrusted links, and restrict URL-based integrations.
• Update endpoint protections and detection rules to spot prompt-based exfiltration patterns, and monitor for anomalous outbound data from Copilot sessions.