Reprompt: The Single-Click Microsoft Copilot Attack That Silently Steals Your Personal Data
Varonis, Wednesday, January 14th, 2026
Varonis Threat Labs discovered a way to bypass Copilot's safety controls, steal users' darkest secrets, and evade detection.
Varonis Threat Labs uncovered a new attack flow, dubbed Reprompt, that gives threat actors an invisible entry point to perform a data‑exfiltration chain that bypasses enterprise security controls entirely and accesses sensitive data without detection - all from one click.
First discovered in Microsoft Copilot Personal, Reprompt is important for multiple reasons: