Skip to content
Close Menu

    Subscribe to Updates

    Get the latest news from tastytech.

    What's Hot

    Mob Psycho 100 Director Reflects On The Ending Four Years Later

    July 6, 2026

    The Greatest Cyberpunk Sci-Fi Book Is Officially Switching Formats

    July 6, 2026

    GM Still Leads The US In Sales. But EV Demand Is Slipping

    July 6, 2026
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram
    tastytech.intastytech.in
    Subscribe
    • AI News & Trends
    • Tech News
    • AI Tools
    • Business & Startups
    • Guides & Tutorials
    • Tech Reviews
    • Automobiles
    • Gaming
    • movies
    tastytech.intastytech.in
    Home»Tech Reviews»Critical Copilot vulnerability allowed hackers to steal 2FA code from users
    Critical Copilot vulnerability allowed hackers to steal 2FA code from users
    Tech Reviews

    Critical Copilot vulnerability allowed hackers to steal 2FA code from users

    gvfx00@gmail.comBy gvfx00@gmail.comJuly 6, 2026No Comments2 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email



    Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the researchers who discovered the vulnerability and reported it to Microsoft revealed how their proof-of-concept exploit could retrieve 2FA codes and other sensitive data from emails accessible to Copilot.

    Microsoft and other LLM providers have been unable to prevent their products from complying with malicious requests to reveal data. The root cause: AI bots are unable to distinguish between instructions provided by users and those snuck into third-party content the models are summarizing, drafting responses to, or using to perform other actions on behalf of the user. With no way to secure this crucial boundary, Microsoft and its peers are left to erect complicated and ad hoc guardrails designed to rein in the consequences of this incurable gullibility.

    Table of Contents

    Toggle
    • Jumping over guardrails
      • Related posts:
    • Microsoft drops AI sales targets in half after salespeople miss their quotas
    • NASA Is Testing A Rover That Can Drive Faster And Lift Its Wheels To Climb Obstacles
    • Meta has closed three VR studios as part of its metaverse cuts

    Jumping over guardrails

    One guardrail built into Copilot and most other LLMs prevents them from submitting web forms, sending emails, and taking similar actions that can be used to exfiltrate data from the user. To work around this, LLM hackers turned to markup language, which, among other things, allows users to add formatting elements such as headings, lists, and links to text without the need for HTML tags. Another workaround is to wrap sensitive data inside HTML tags such as <img> and <form>. In either case, a web request showing the data hits the attacker’s web server, where the secret information is captured in logs.

    Read full article

    Comments

    Related posts:

    This Lollipop Plays Tunes In Your Head Using Bone Conduction. I Tried It and Was Floored

    Today's NYT Mini Crossword Answers for March 15

    Amazon appears to be down, with over 20,000 reported problems

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleKing of the Hill season 15 officially begins in 3 weeks — what to know
    Next Article The vCenter Log Partition Runbook: Find Growth, Preserve Evidence, Restore Headroom
    gvfx00@gmail.com
    • Website

    Related Posts

    Tech Reviews

    Sony Says It Will Still Make Physical Discs After 2028, As Long As The Game Came Out Before Then

    July 5, 2026
    Tech Reviews

    NotebookLM Alternatives: Which Similar AI Tools Are Worth Your Time?

    July 5, 2026
    Tech Reviews

    AirPods Max 2 vs Sony WH-1000XM6: which is king of the noise cancelling headphones game?

    July 5, 2026
    Add A Comment
    Leave A Reply Cancel Reply

    Top Posts

    Black Swans in Artificial Intelligence — Dan Rose AI

    October 2, 2025206 Views

    Every Clue That Tony Stark Was Always Doctor Doom

    October 20, 2025129 Views

    We let ChatGPT judge impossible superhero debates — here’s how it ruled

    December 31, 2025100 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram

    Subscribe to Updates

    Get the latest tech news from tastytech.

    About Us
    About Us

    TastyTech.in brings you the latest AI, tech news, cybersecurity tips, and gadget insights all in one place. Stay informed, stay secure, and stay ahead with us!

    Most Popular

    Black Swans in Artificial Intelligence — Dan Rose AI

    October 2, 2025206 Views

    Every Clue That Tony Stark Was Always Doctor Doom

    October 20, 2025129 Views

    We let ChatGPT judge impossible superhero debates — here’s how it ruled

    December 31, 2025100 Views

    Subscribe to Updates

    Get the latest news from tastytech.

    Facebook X (Twitter) Instagram Pinterest
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    © 2026 TastyTech. Designed by TastyTech.

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.