Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed potential attackers to exfiltrate sensitive user data with a simple click on a specially crafted URL. ## Vulnerability Details Security researchers at Varonis discovered the vulnerability. The attack, once triggered, allowed the theft of information such as the user's name, their geographic location, and specific details related to events in the Copilot chat history. The most concerning aspect was that the attack persisted even after the chat window was closed, without requiring further user interaction. ## Bypassing Protections According to reports, the attack was able to bypass enterprise endpoint security systems and detection systems for endpoint protection applications. This highlights the need for constant vigilance and timely updates to protect systems from increasingly sophisticated threats. The discovery of vulnerabilities like this underscores the importance of collaboration between companies and researchers to promptly identify and resolve security issues. The continuous evolution of cyber threats requires a proactive approach to security, with constant testing and verification to ensure the protection of user data.