Copilot agent turns patched Excel bug into zero-click leak

// 45d agoSECURITY INCIDENT

Copilot agent turns patched Excel bug into zero-click leak

Researchers demonstrated that a previously patched XSS vulnerability in Excel can be exploited via Microsoft Copilot to silently exfiltrate data. The exploit highlights how autonomous agents can bypass traditional security to resurrect old vulnerabilities.

// ANALYSIS

Autonomous agents are creating new, unexpected attack surfaces that bypass traditional security monitoring.

–Attackers used the Copilot agent to exploit a patched XSS bug in Excel
–Data can be silently read and exfiltrated without user interaction
–Highlights the risk of agents amplifying the impact of older vulnerabilities
–Traditional security tools struggle to monitor agent-driven data access

// TAGS

microsoft-copilotagentsafety

DISCOVERED

45d ago

2026-04-24

PUBLISHED

45d ago

2026-04-24

RELEVANCE

9/ 10

AUTHOR

Better Stack

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

VIDEO42m ago

Mastra outlines transition to structured specifications

In this episode of the AI Agents Hour, Mastra co-founders Shane Thomas and Abhi Aiyer explore shifting from manual prompting to structured, developer-first agent specifications. The discussion covers tool integrations like CodeRabbit for pull request reviews and Freestyle's forkable Linux VM sandboxes to build reliable, deterministic AI agents.

BENCHMARK1h ago

Cognition has introduced FrontierCode, a software engineering benchmark that measures the mergeability, quality, and maintainability of AI-generated code rather than simple functional correctness.

Cognition has launched FrontierCode, a new software engineering benchmark designed to evaluate whether AI-generated code meets the high standards of production-grade codebases. Developed in partnership with the maintainers of 36 flagship open-source repositories who spent over 40 hours per task, the benchmark consists of three nested subsets (Extended, Main, and Diamond) totaling 150 tasks. FrontierCode goes beyond classical unit tests to measure mergeability, style, regression safety, and scope using novel grading methods like reverse-classical testing (which ensures agent-written tests fail on the buggy base code) and adaptive classical grading with their new tool, mutagent. In initial testing, Claude Opus 4.8 led all models but only scored 13.4% on the hardest Diamond set, highlighting that frontier models still struggle significantly with writing production-ready, maintainable code.

MODEL1h ago

Claude Mythos is rumored to launch within the next two weeks, reportedly outperforming Opus 4.8 in coding and reasoning.

According to a post by BridgeMind AI on X, Anthropic's Claude Mythos model is set to release this week or next. In head-to-head comparisons with Opus 4.8, Mythos reportedly wins in almost every category, demonstrating extreme capabilities as a coding and reasoning model.