Data Exfiltration
The latest Data Exfiltration coverage — news, analysis, and updates from the WindowsNews.AI desk.
Zenity's Real-Time Agent Security Hits Azure Marketplace Preview for Copilot Studio
Microsoft Copilot Studio agents now have a dedicated inline security layer that can block prompt injections, data exfiltration, and secrets misuse mid-execution, following Zenity’s expanded...
Microsoft Copilot's Policy Flaw Allows Blocked AI Agents to Resurface, Creating Governance and Audit Nightmares
Enterprise administrators who thought they had locked down Microsoft 365 Copilot agents are discovering that tenant-wide "No users can access" settings have been silently ignored for certain agents,...
Microsoft Silently Patches Copilot Audit Blind Spot That Allowed Silent Data Exfiltration
Microsoft quietly fixed a critical gap in Microsoft 365 Copilot’s audit logging in mid‑August 2025 after researchers proved that a simple prompt tweak could make the AI assistant summarize...
Microsoft Quietly Patches Copilot Audit-Log Bypass, Keeps Customers in the Dark
Security researchers have uncovered a critical blind spot in Microsoft’s Purview audit logging for Copilot: certain prompts can retrieve sensitive file contents without leaving any trace in audit...
Microsoft 365 Copilot’s Missing Audit Logs: The Hidden Risk Behind Zero-Click Data Leaks
When Microsoft patched CVE-2025-32711 in June 2025, it closed a critical zero-click vulnerability that allowed attackers to silently siphon sensitive data through Microsoft 365 Copilot. Dubbed...
Leading GenAI Browser Assistants Found Hoovering Up Social Security Numbers, Medical Data Without Consent
A sweeping new audit of the most popular generative AI browser assistants reveals that several widely used extensions silently capture and transmit highly sensitive information from ordinary web...
Zenity Labs Unveils AgentFlayer: Zero-Click Exploits Hijack ChatGPT, Microsoft Copilot, and Salesforce Einstein
Zenity Labs has dropped a bombshell at Black Hat USA 2025: a new attack framework called AgentFlayer that lets adversaries silently hijack enterprise AI agents without so much as a mouse click....
Patch Now: AVEVA PI Integrator Vulnerabilities Could Let Attackers Hijack OT Analytics
On August 12, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an industrial control systems (ICS) advisory warning of two high-severity vulnerabilities in AVEVA’s...
AgentFlayer Unleashed: Zero-Click Chains Turn Enterprise AI Agents into Stealth Insider Threats
At Black Hat USA 2025, Zenity Labs peeled back the curtain on a threat that security teams have long feared but rarely seen weaponized at scale: zero-click prompt injection attacks that silently...
Zenity Labs’ AgentFlayer Exposes Zero-Click Exploits: Microsoft Copilot, ChatGPT AI Agents Hijacked Without User Action
At Black Hat USA 2025, security researchers from Zenity Labs pulled back the curtain on a dangerously overlooked attack surface: enterprise AI agents that can be silently hijacked with zero user...
Black Hat 2025: Zero-Click Exploits Can Hijack ChatGPT, Copilot, and Einstein Without a Trace
Security researchers at Zenity Labs have dropped a bombshell at Black Hat USA 2025: a new breed of zero-click exploit chains can silently hijack enterprise AI agents, including OpenAI’s ChatGPT,...
EchoLeak and the Rising Threat of Zero-Click Prompt Injection in Microsoft Copilot
Large language models (LLMs) like Microsoft Copilot are revolutionizing enterprise productivity, but their integration into critical workflows has introduced an entirely new and rapidly evolving...