Tag
This weekly recap covers major AI developments: OpenAI's public launch of GPT-5.6 family (Sol, Terra, Luna) and voice model GPT-Live-1, xAI's Grok 4.5, Google's Gemini 3.5 Pro delay, Microsoft's low Copilot conversion rate (4.5%), DeepSeek API retirement, Meta's Muse Image, and Ollama's funding.
A critical vulnerability in Microsoft 365 Copilot, dubbed SearchLeak, allowed attackers to steal 2FA codes via parameter-to-prompt injection by exploiting raw HTML rendering before guardrail enforcement. Microsoft has fixed the vulnerability, but the underlying issue of prompt injection remains a challenge.
A security vulnerability in Microsoft Copilot Cowork allows attackers to exfiltrate files by exploiting prompt injection that triggers external image requests, potentially leaking pre-authenticated download links.
Researchers at PromptArmor demonstrate that Microsoft Copilot Cowork can be exploited via indirect prompt injection to exfiltrate files from Microsoft 365, exploiting the lack of approval for certain actions when the recipient is the active user.
This analysis argues Microsoft Copilot may win the enterprise AI race through deep workflow integration in existing Microsoft tools rather than pure model superiority. It highlights how organizational habits and path-dependency often dictate technology adoption over technical capabilities.
Satya Nadella announced the integration of GPT-5.5 Instant into M365 Copilot, Copilot Studio, and Foundry, highlighting faster and more accurate responses.