Sneaky Mermaid attack in Microsoft 365 Copilot steals data • The Register
A security vulnerability in Microsoft 365 Copilot allowed attackers to steal sensitive tenant data through indirect prompt injection, using Mermaid diagrams to exfiltrate information such as emails. Microsoft has since patched the vulnerability, though the researcher who discovered it did not receive a bug bounty because M365 Copilot is not currently in scope for the program.
