NEWYou can now take heed to Fox News articles!
AI assistants are imagined to make life simpler. Tools like Microsoft Copilot may also help you write emails, summarize paperwork and reply questions utilizing data from your personal account. But safety researchers at the moment are warning {that a} single dangerous link could quietly flip that comfort right into a privateness risk.
A newly found assault technique exhibits how attackers could hijack a Copilot session and siphon data with out you seeing something suspicious on display screen.
Sign up for my FREE CyberGuy Report
Get my greatest tech suggestions, pressing safety alerts and unique offers delivered straight to your inbox. Plus, you’ll get on the spot entry to my Ultimate Scam Survival Guide – free whenever you be part of my CYBERGUY.COM e-newsletter.
Because Copilot stays tied to your logged-in Microsoft account, attackers can quietly use your lively session to entry data in the background. (Photo by Donato Fasano/Getty Images)
What researchers found about Copilot hyperlinks
ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS’ RECORDS
Security researchers at Varonis uncovered a method they name “Reprompt.” In easy phrases, it exhibits how attackers could sneak directions right into a normal-looking Copilot link and make the AI do issues on their behalf.
Here’s the half that issues to you: Microsoft Copilot is related to your Microsoft account. Depending on how you employ it, Copilot can see your previous conversations, stuff you’ve requested it and sure private data tied to your account. Normally, Copilot has guardrails to stop delicate data from leaking. Reprompt confirmed a method round a few of these protections.
The assault begins with only one click on. If you open a specifically crafted Copilot link despatched by way of electronic mail or a message, Copilot can robotically course of hidden directions embedded inside the link. You need not set up something, and there aren’t any pop-ups or warnings. After that single click on, Copilot can preserve responding to directions in the background utilizing your already logged-in session. Even closing the Copilot tab doesn’t instantly cease the assault, as a result of the session stays lively for some time.
How Reprompt works
Varonis discovered that Copilot accepts questions by way of a parameter inside its internet deal with. Attackers can cover directions inside that deal with and make Copilot execute them as quickly as the web page masses.
That alone wouldn’t be sufficient, as a result of Copilot tries to dam data leaks. The researchers mixed a number of methods to get round this. First, they injected directions straight into Copilot by way of the link itself. This allowed Copilot to learn data it usually should not share.
Second, they used a “try twice” trick. Copilot applies stricter checks the first time it solutions a request. By telling Copilot to repeat the motion and double-check itself, the researchers discovered that these protections could fail on the second try.
Third, they confirmed that Copilot could preserve receiving follow-up directions from a distant server managed by the attacker. Each response from Copilot helped generate the subsequent request, permitting data to be quietly despatched out piece by piece. The result’s an invisible back-and-forth the place Copilot retains working for the attacker utilizing your session. From your perspective, nothing appears to be like wrong.
MICROSOFT SOUNDS ALARM AS HACKERS TURN TEAMS PLATFORM INTO ‘REAL-WORLD DANGERS’ FOR USERS
Varonis responsibly reported the situation to Microsoft, and the firm fastened it in the January 2026 Patch Tuesday updates. There is not any proof that Reprompt was utilized in real-world assaults earlier than the repair. Still, this analysis is essential as a result of it exhibits an even bigger downside. AI assistants have entry, reminiscence and the capability to behave on your behalf. That mixture makes them highly effective, but in addition dangerous if protections fail. As researchers put it, the hazard will increase when autonomy and entry come collectively.
It’s additionally value noting that this situation solely affected Copilot Personal. Microsoft 365 Copilot, which companies use, has further safety layers like auditing, data loss prevention and admin controls.
“We appreciate Varonis Threat Labs for responsibly reporting this issue,” a Microsoft spokesperson informed CyberGuy. “We have rolled out protections that address the scenario described and are implementing additional measures to strengthen safeguards against similar techniques as part of our defense-in-depth approach.”
8 steps you may take to remain protected from AI assaults
Even with the repair in place, these habits will assist defend your data as AI instruments turn into extra widespread.
1) Install Windows and browser updates instantly
Security fixes solely defend you in the event that they’re put in. Attacks like Reprompt depend on flaws that have already got patches obtainable. Turn on computerized updates for Windows, Edge and different browsers so you do not delay essential fixes. Waiting weeks or months leaves a window the place attackers can nonetheless exploit recognized weaknesses.
2) Treat Copilot and AI hyperlinks like login hyperlinks
If you would not click on a random password reset link, do not click on sudden Copilot hyperlinks both. Even hyperlinks that look official could be weaponized. If somebody sends you a Copilot link, pause and ask your self whether or not you had been anticipating it. When unsure, open Copilot manually as an alternative.
Even after Microsoft fastened the flaw, the analysis highlights why limiting data publicity and monitoring account exercise nonetheless issues as AI instruments evolve. (Photographer: Prakash Singh/Bloomberg by way of Getty Images)
3) Use a password supervisor to guard your accounts
A password supervisor creates and shops robust, distinctive passwords for each service you employ. If attackers handle to entry session data or steal credentials not directly, distinctive passwords stop one breach from unlocking your whole digital life. Many password managers additionally warn you if a web site appears to be like suspicious or pretend.
Next, see if your electronic mail has been uncovered in previous breaches. Our No. 1 password supervisor decide features a built-in breach scanner that checks whether or not your electronic mail deal with or passwords have appeared in recognized leaks. If you uncover a match, instantly change any reused passwords, and safe these accounts with new, distinctive credentials.
Check out the greatest expert-reviewed password managers of 2026 at Cyberguy.com.
4) Enable two-factor authentication on your Microsoft account
Two-factor authentication (2FA) provides a second layer of safety, even when attackers acquire partial entry to your session. It forces an additional verification step, often by way of an app or machine, making it a lot tougher for another person to behave as you inside Copilot or different Microsoft companies.
5) Reduce how a lot private data exists on-line
Data dealer websites acquire and resell private particulars like your electronic mail deal with, cellphone quantity, dwelling deal with and even work historical past. If an AI software or account session is abused, that publicly obtainable data could make the harm worse. Using a data-removal service helps delete this data from dealer databases, shrinking your digital footprint and limiting what attackers can piece collectively.
Check out my high picks for data removing companies and get a free scan to search out out if your private data is already out on the internet by visiting Cyberguy.com.
Get a free scan to search out out if your private data is already out on the internet: Cyberguy.com.
6) Run robust antivirus software program on your machine
Modern antivirus instruments do greater than scan recordsdata. They assist detect phishing hyperlinks, malicious scripts and suspicious habits tied to browser exercise. Since Reprompt-style assaults begin with a single click on, having real-time safety can cease you earlier than harm occurs, particularly when assaults look legit.
The greatest method to safeguard your self from malicious hyperlinks that set up malware, probably accessing your personal data, is to have robust antivirus software program put in on all your units. This safety also can warn you to phishing emails and ransomware scams, preserving your private data and digital property protected.
Get my picks for the greatest 2026 antivirus safety winners for your Windows, Mac, Android and iOS units at Cyberguy.com.
7) Regularly overview your account exercise and settings
Check your Microsoft account exercise for unfamiliar logins, places, or actions. Review what companies Copilot can entry, and revoke something you not want. These checks do not take lengthy, however they will reveal points early, earlier than attackers have time to do severe harm. Here’s how:
Go to account.microsoft.com, and register to your Microsoft account.
Select Security, then select View my sign-in exercise and confirm your id if prompted.
Review every login for unfamiliar places, units or failed sign-in makes an attempt.
If you see something suspicious, choose This wasn’t me or Secure your account, then change your password instantly and allow two-step verification.
Visit account.microsoft.com/units, and take away any units you not acknowledge or use.
In Microsoft Edge, open Settings > Appearance > Copilot and Sidebar > Copilot, and switch off Allow Microsoft to entry web page content material if you wish to restrict Copilot’s entry.
Review apps related to your Microsoft account and revoke permissions you not want.
A single Copilot link can carry hidden directions that run the second you click on, with none warning or pop-ups. (iStock)
8) Be particular about what you ask AI instruments to do
Avoid giving AI assistants broad authority like “handle whatever is needed.” Wide permissions make it simpler for hidden directions to affect outcomes. Keep requests slim and task-focused. The much less freedom an AI has, the tougher it’s for malicious prompts to steer it silently.
Kurt’s key takeaway
Reprompt does not imply Copilot is unsafe to make use of, however it does present how a lot belief these instruments require. When an AI assistant can assume, bear in mind and act for you, even a single dangerous click on can matter. Keeping your system up to date and being selective about what you click on stay simply as essential in the age of AI because it was earlier than.
Do you’re feeling comfy letting AI assistants entry your private data, or does this make you extra cautious? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my greatest tech suggestions, pressing safety alerts and unique offers delivered straight to your inbox. Plus, you’ll get on the spot entry to my Ultimate Scam Survival Guide – free whenever you be part of my CYBERGUY.COM e-newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of expertise, gear and devices that make life higher together with his contributions for Fox News & FOX Business starting mornings on “FOX & Friends.” Got a tech query? Get Kurt’s free CyberGuy Newsletter, share your voice, a narrative thought or remark at CyberGuy.com.
