News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

Microsoft Copilot is rapidly becoming the go-to artificial intelligence productivity assistant across some of the largest enterprises in the world, but researcher Michael Bargury, chief technology officer with Zenity, warns the new technology poses some distinct cybersecurity concerns.

Bargury isn't down on Copilot, quite the contrary. He's found the technology invaluable in his own day-to-day work, he explained to Dark Reading. But based on Copilot's visibility deep into the enterprise, including emails, messaging applications, and much more — which is precisely what makes it so valuable for users — also makes it an alluring target for malicious actors.

"It has access to your emails, your calendar, your Teams messages, all of your files, and if you bring in plug-ins it can actually work on your behalf," Bargury explained. "It has access to everything you have access to, even the things you write to yourself."

Through his research, Bargury was able to demonstrate how to take over Microsoft Copilot by sending a single email.

"I can get Copilot to tell you whatever I want it to tell you," he added.