New reporting highlighted a prompt-injection phishing risk in Microsoft Copilot after Permiso researchers found that attacker-controlled text embedded in emails could manipulate Copilot-generated summaries through cross-prompt injection attacks. The issue could cause Copilot to present deceptive security alerts or malicious instructions inside a trusted Microsoft 365 interface, increasing the likelihood that users will believe and act on attacker content. Separate coverage also noted broader security and privacy concerns around Microsoft’s AI ecosystem, including criticism of Windows Recall for capturing and storing snapshots of user activity that Copilot can analyze, even after Microsoft added stronger protections following earlier backlash.
Microsoft also faced continued scrutiny over how aggressively it is pushing Copilot into user environments. The company temporarily halted plans to automatically install the Microsoft 365 Copilot app on eligible Windows systems outside the EEA, though existing installations remain in place and administrators can still deploy it manually. Public criticism of Copilot’s quality and Microsoft’s AI strategy also spilled into the company’s Discord community, where moderation actions against users mocking “Microslop” drew further attention to dissatisfaction with rushed AI integration, privacy concerns, and the perception that Microsoft is forcing AI features into products despite unresolved trust and security issues.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
Researchers at Permiso showed that attacker-controlled text embedded in emails could manipulate Microsoft Copilot summaries through cross-prompt injection. Their proof of concept affected Microsoft 365 contexts including Outlook and Teams, revealing inconsistent safety behavior across interfaces.
Microsoft updated its Microsoft 365 message center and admin dashboard to say the planned December 2025 automatic installation of the Microsoft 365 Copilot app was temporarily disabled. Existing installations were left in place, but new automatic deployments were paused until further notice.
As part of broader Copilot administration changes, Microsoft introduced a policy allowing IT administrators to uninstall Copilot from managed Windows devices. This gave organizations a way to limit or reverse Copilot deployment.
Microsoft restricted activity on its Copilot Discord server after continued mockery and what it later described as spammers posting harmful content. The lockdown drew further criticism of the company's AI strategy and moderation response.
After users repeatedly mocked Microsoft by calling it 'Microslop' on the Copilot Discord server, the company temporarily blocked the term. Users reportedly found ways around the restriction, prolonging the disruption.
Microsoft started rolling out automatic installation of the Microsoft 365 Copilot app to Windows devices outside the European Economic Area that had Microsoft 365 desktop apps installed. The deployment was originally announced to begin in early December 2025 and was expected to complete by mid-December.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
5 references tracked. Mallory keeps watching after this page renders.
windowslatest.com
Open sourcetechrepublic.com
Open sourcehowtogeek.com
Open sourcebleepingcomputer.com
Open sourcetechdirt.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.