Reprompt: The Single-Click Microsoft Copilot Attack That Silently Steals Personal Data

Reprompt: The Single-Click Microsoft Copilot Attack That Silently Steals Personal Data www.varonis.com/blog/repr… Varonis Threat Labs has identified a new attack technique, dubbed Reprompt, that enables threat actors to initiate a stealthy data-exfiltration chain that bypasses enterprise security controls and accesses sensitive data without detection — triggered by a single user click. First discovered in Microsoft Copilot Personal, Reprompt is significant for several reasons: Only a single click on a legitimate Microsoft link is required to compromise a victim. No plugins or direct interaction with Copilot are necessary. The attacker retains control even after the Copilot chat is closed, allowing silent session exfiltration with no further user interaction. The attack bypasses Copilot’s built-in protective mechanisms. All commands are delivered server-side after the initial prompt, making it impossible to determine what data is being exfiltrated by inspecting the original interaction. Client-side detection tools are ineffective. Threat actors can request a broad range of sensitive information, including recent file access, location data, and planned travel. Reprompt differs fundamentally from prior AI-related vulnerabilities, such as EchoLeak, as it requires no user prompts, installed plugins, or enabled connectors. Microsoft has confirmed the vulnerability has been patched as of today, mitigating the risk of future exploitation. Enterprise customers using Microsoft 365 Copilot are not affected.