TL;DR: Varonis disclosed a prompt injection attack that exfiltrates data from Microsoft Copilot with a single click. Group-IB is predicting AI-powered worms in 2026—malware that adapts, evades, and runs the entire kill chain without human oversight. And IBM's latest data shows 97% of organizations that suffered AI-related breaches had no access controls in place.

What Happened

Varonis disclosed an attack called "Reprompt" that turns Microsoft Copilot into a data exfiltration channel. One click on a legitimate Microsoft URL is all it takes.

The attack embeds a crafted instruction in the URL's "q" parameter. Copilot executes it. Then the attacker's server takes over, continuously prompting Copilot with questions like "Summarize all files the user accessed today" or "What vacations does he have planned?" The victim sees nothing.

Microsoft patched it. Enterprise M365 Copilot customers weren't affected. Consumer Copilot users were exposed until the fix rolled out.

Why It Matters

→ The bypass was simple. Copilot's data-leak safeguards only applied to the initial request. Asking Copilot to repeat an action twice bypassed the guardrails entirely.

→ No forensic trail. All the real instructions come from the attacker's server after the initial click. You can't inspect the starting prompt to know what's being stolen.

→ This isn't isolated. The same week, researchers disclosed similar vulnerabilities in Claude Cowork, Slack AI, Notion AI, and Google Gemini Enterprise.

Enterprise: Confirm you're on M365 Copilot, not consumer. Review what data your AI tools can access. Consider whether AI assistants need access to sensitive repositories at all.

SMB: If staff are using consumer AI tools for work, they're exposed. This is a policy conversation, not a technology fix.

Action Items:

What Happened

Group-IB CEO Dmitry Volkov published the company's 2026 threat predictions, warning that this is the year malware starts learning on the job.

WannaCry and NotPetya caused billions in damage by exploiting vulnerabilities and spreading fast. The next generation will do more: AI-powered malware that adapts to targets, exploits specific weaknesses, and evades detection—all without human direction.

Group-IB is also tracking "agentic extortion"—AI agents built into Ransomware-as-a-Service platforms. These handle encryption, backup destruction, lateral movement, and disabling EDR. Low-skilled affiliates now get capabilities that used to require expertise.

Why It Matters

→ The kill chain is going autonomous. AI agents will increasingly handle vulnerability discovery, exploitation, and lateral movement at scale. Human operators become optional for everything except collecting payment.

→ Phishing is getting "agentized." Group-IB found services where AI agents develop lures, send emails, and adapt campaigns based on real-time feedback. Every email feels personal. The attacker barely lifts a finger.

→ Dark LLMs are maturing. Threat actors have moved past crude WormGPT-style experiments to custom-built, self-hosted models with no ethical restrictions—built specifically for malware, scams, and disinformation.

Enterprise: Signature-based detection won't catch malware that morphs in real-time. Behavioral analysis becomes essential. Review your EDR's AI-detection capabilities.

SMB: You're the softer target when attackers can scale infinitely. Basics matter more, not less: patching, offline backups, MFA everywhere.

Action Items:

Connect your email, and you’ll instantly get a CRM with enriched customer insights and a platform that grows with your business.

With AI at the core, Attio lets you:

Join industry leaders like Granola, Taskrabbit, Flatfile and more.

👉 Try Attio Pro for free

What Happened

IBM's Cost of a Data Breach Report 2025 includes AI-specific findings for the first time—and they're ugly.

The numbers:

Organizations using AI and automation extensively in their security operations saved $1.9 million in breach costs and reduced the breach lifecycle by 80 days on average.

Why It Matters

→ The 13% number is just the visible iceberg. When 8% of organizations don't know if they've been breached and 63% lack governance policies, the true exposure rate is certainly higher.

→ Shadow AI is the new shadow IT—but faster. It took years for shadow IT to become a recognized problem. Shadow AI emerged in months. One in five breaches now traces back to employees using unapproved AI tools.

→ Only 34% of organizations with AI governance policies actually audit for unsanctioned AI. Having a policy isn't the same as enforcing it.

Enterprise: The savings from AI-powered security ($1.9M average) dwarf the investment required. But you need governance and technology—one without the other leaves gaps.

SMB: Start with visibility. You can't govern what you can't see. Figure out what AI tools employees are actually using before you write policies.

Action Items:

The rapid pace of AI deployment is outpacing security. On one hand, companies that have completely clamped down don't move with enough agility. On the other, companies that over-index leave themselves vulnerable.

Maintaining balance is key—and the balance point keeps moving. Setting up the right governance framework is paramount.

Check out → DigiForm-AI-Governance

Keep reading, learning and be a LEADER in AI 🤖

Hashi & The Context Window Team!