Forensic Summary
Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot were patched after researchers demonstrated that external attackers could exploit them to exfiltrate sensitive user data. The flaws highlight systemic risks in enterprise AI agent deployments, where insufficient input sanitisation allows malicious content to hijack agent behaviour. Both vendors have issued patches, but the incidents underscore the growing attack surface introduced by agentic AI systems operating with elevated privileges.
Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/microsoft-salesforce-patch-ai-agent-data-leak-flaws/
Top comments (0)