CSOonline

Copilot and Agentforce fall to form-based prompt injection tricks

Prompt injection flaws in Microsoft Copilot Studio and Salesforce Agentforce let attackers weaponize form inputs to override agents' behavior and exfiltrate sensitive customer and business data.
Dark Reading

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

One aspect of the "AI revolution" keeping security professionals up at night is the continued prevalence of prompt injection attacks that enable exfiltration of sensitive data — even against dominant ...
VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
GitHub

a365-sharepoint-mcp-server.json

"summary": "Work IQ MCP server for Microsoft SharePoint operations. Learn more at https://aka.ms/AboutWorkIQ", "description": "Work IQ MCP server for Microsoft ...
GitHub

configure-server-based-authentication-sharepoint-on-premises.md

The following memberships and privileges are required to enable SharePoint document management. Follow the steps, in the order provided, to set up customer engagement ...