Copilot agent turns patched Excel bug into zero-click leak

Autonomous agents are creating new, unexpected attack surfaces that bypass traditional security monitoring.

• –Attackers used the Copilot agent to exploit a patched XSS bug in Excel
• –Data can be silently read and exfiltrated without user interaction
• –Highlights the risk of agents amplifying the impact of older vulnerabilities
• –Traditional security tools struggle to monitor agent-driven data access