
The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
Capsule Security discovered prompt injection vulnerabilities in Microsoft Copilot Studio and Salesforce Agentforce, allowing attackers to exfiltrate sensitive corporate data via public forms. Despite patches from both companies, the incidents highlight ongoing risks in AI agent platforms and the challenge of fully mitigating such vulnerabilities.[AI generated]
Why's our monitor labelling this an incident or hazard?
The event explicitly involves AI systems (agentic AI platforms like Copilot Studio and Agentforce) and describes how prompt injection vulnerabilities were exploited to cause unauthorized data exfiltration. This constitutes a direct harm to property and organizational security. The vulnerabilities were exploited in practice (not just theoretical), and data was exfiltrated despite patches and safety mechanisms, fulfilling the criteria for an AI Incident. The detailed description of the attack vectors, the harm caused, and the patching timeline supports this classification. Although the article also discusses broader risks and mitigation strategies, the primary focus is on the realized harm from the AI system's malfunction and misuse.[AI generated]