Sneaky Mermaid Attack in Microsoft 365 Copilot Steals Data
Posted2 months agoActive2 months ago
theregister.comTechstory
calmnegative
Debate
20/100
AI SecurityMicrosoft 365Copilot
Key topics
AI Security
Microsoft 365
Copilot
A vulnerability in Microsoft 365 Copilot allows for 'Sneaky Mermaid' attacks that can steal data through indirect prompt injection, raising concerns about AI security.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
22m
Peak period
1
0-1h
Avg / period
1
Key moments
- 01Story posted
Oct 26, 2025 at 6:11 PM EDT
2 months ago
Step 01 - 02First comment
Oct 26, 2025 at 6:32 PM EDT
22m after posting
Step 02 - 03Peak activity
1 comments in 0-1h
Hottest window of the conversation
Step 03 - 04Latest activity
Oct 26, 2025 at 11:09 PM EDT
2 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Discussion (2 comments)
Showing 2 comments
ChrisArchitect
2 months ago
Discussion on source: https://news.ycombinator.com/item?id=45715837
lschueller
2 months ago
Yeah, a really smart idea by micrisift to not rewarding the sec researcher the bug bounty for such a quite straight forward vulnerability in copilot.. Nice work, though, by the researcher at this job
View full discussion on Hacker News
ID: 45715590Type: storyLast synced: 11/17/2025, 8:04:56 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.