Microsoft · M365 Copilot · CVE-2026-26133
**Name of the Vulnerable Software and Affected Versions**
Microsoft 365 Copilot (affected versions not specified)
**Description**
An AI command injection issue exists in Microsoft 365 Copilot, potentially allowing an unauthorized attacker to disclose information over a network. This issue is related to cross-prompt injection attacks, in which hidden instructions within files or email content can manipulate AI-generated summaries and prompts. The vulnerability could enable AI-assisted phishing attacks, in which attacker-controlled content influences trusted AI summaries and leads users to take harmful actions. The vulnerability affects enterprise and Microsoft 365 users.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.