THREATOPS
THREAT OPSThreat News › Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)

Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)

lowembracetheredPublished 2026-05-04

<p>This is a writeup of my <a href="https://defcon.org/html/defcon-singapore/dc-singapore-talks.html">DEF CON Singapore</a> talk that walks through vulnerabilities and exploits in M365 Copilot and Consumer Copilot. I disclosed these to Microsoft last year. MSRC assigned <a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-24299">CVE-2026-24299</a> and the issues are now pa

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://embracethered.com/blog/posts/2026/defcon-talk-copirate-365/