What is the Reprompt attack targeting Microsoft Copilot?

Reprompt is an attack method that allows attackers to hijack Copilot sessions using a single, malicious link, secretly siphoning personal data by embedding hidden instructions.

How does Reprompt bypass Copilot's security?

The Reprompt attack embeds hidden instructions in a Copilot link and uses a 'try twice' trick to bypass initial data leak protections, enabling continuous instruction from an attacker's server.

When was the Copilot Reprompt vulnerability fixed?

Microsoft fixed the Reprompt vulnerability in its January 2026 Patch Tuesday updates, and there is no evidence it was used in real-world attacks before the patch.

Home / Technology / One link can steal your Copilot data

One link can steal your Copilot data

25 Jan

•

Summary

A single link can hijack Copilot sessions undetected.
The Reprompt attack bypasses some AI data protections.
Microsoft fixed this vulnerability in January 2026.

Security researchers have uncovered a vulnerability in Microsoft Copilot, dubbed 'Reprompt,' that allows attackers to discreetly access personal data. The attack begins with a user clicking a malicious Copilot link, which embeds hidden instructions. These instructions can manipulate Copilot into performing actions and divulging information it would normally protect.

The Reprompt technique exploits parameters within Copilot's web address to execute hidden commands upon page load. Researchers combined this with a 'try twice' method to circumvent Copilot's initial data leak protections, finding that a second attempt could bypass stricter checks. Additionally, the attack enables continuous instruction from a remote server.

While Microsoft addressed this issue in its January 2026 Patch Tuesday updates, and no real-world exploitation was reported beforehand, the discovery highlights inherent risks with AI assistants. These tools, possessing access, memory, and the ability to act on a user's behalf, present significant privacy concerns if their safeguards fail.