By Ken Underhill
Publication Date: 2026-03-17 19:40:00
AI assistants are rapidly becoming a core part of workplace productivity, but new research suggests they may also introduce a previously overlooked phishing vector.
Permiso researchers found that attacker-controlled text embedded in emails can manipulate Microsoft Copilot summaries through cross-prompt injection attacks (XPIA), potentially inserting deceptive security alerts or malicious prompts into the trusted AI interface.
“The most interesting finding was not that Copilot followed [the] attacker instructions. It was how much more convincing the output became once it appeared inside the assistant’s UI,” Andi Ahmeti, threat researcher at Permiso, said in an email to eSecurityPlanet.
He added, “Users have spent years learning to distrust suspicious emails, but that skepticism does not transfer to AI-generated summaries. The attacker just needs the assistant to speak with authority.”
