CoPilot can be encouraged to launch HTTP requests on the server side, potentially enabling access to data from other companies.

A server-side request forgery (SSRF) bug in Microsoft's tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.

Though the research proved inconclusive about the extent that the flaw could be exploited to gain access to sensitive cloud data