Home / Technology / Excel Bug Exploits AI for Zero-Click Data Theft
Excel Bug Exploits AI for Zero-Click Data Theft
11 Mar
Summary
- Microsoft's March update addresses 83 security flaws.
- An Excel vulnerability allows AI-driven zero-click data theft.
- Update urges blocking exfiltration via the Copilot assistant.
Microsoft has released its March 2026 Patch Tuesday update, addressing a total of 83 security vulnerabilities. Among these fixes is a high-severity flaw discovered in Excel, tracked as CVE-2026-26144. This vulnerability combines cross-site scripting with indirect prompt injection, allowing for data exfiltration through Artificial Intelligence.
The critical issue involves Excel's improper handling of input, enabling unauthorized data disclosure. Attackers can exploit this by embedding malicious links within Excel files. Even without the victim opening the file, merely viewing it in a preview pane can trigger the exploit, especially when integrated with AI assistants like Microsoft's Copilot.
To mitigate this risk, applying the latest update is the most effective solution. Alternatively, organizations can restrict outbound network traffic from Office applications and monitor Excel processes. Disabling the Copilot Agent is also suggested as a preventative measure against this specific threat.
