June 19, 2026

AI Raids Your Inbox While a Rocket Saves a Dying Telescope

Copilot Exploited to Raid Mailboxes in Alarming Enterprise AI Vulnerability
SECURITY

The AI assistant your company trusted with its most sensitive data just became one of its biggest attack surfaces. Security researchers have demonstrated that Microsoft Copilot — the AI tool now embedded across millions of enterprise Microsoft 365 environments — can be manipulated by attackers to silently search through corporate email, extract sensitive information, and potentially escalate privileges. It is not a theoretical risk. It has been shown to work.

Here is the core problem. Copilot is deeply integrated into the tools employees use every day — Outlook, Teams, SharePoint. That integration is the whole selling point. But it also means a sufficiently clever attacker who finds a way to influence what Copilot does can effectively piggyback on a legitimate user's permissions. The AI does not know the difference between a real instruction from you and one that was planted somewhere it would find.

This technique is a variant of what researchers call prompt injection. An attacker embeds malicious instructions inside content the AI is likely to process — say, a specially crafted email sitting in a target's inbox. When Copilot reads that email as part of summarizing or searching, it can be tricked into following the embedded instructions instead. Those instructions can tell it to search the mailbox for keywords like 'password' or 'confidential,' then quietly exfiltrate whatever it finds.

What makes this particularly uncomfortable for IT and security teams is that the attack does not require compromising any traditional system. No malware is dropped, and there is no vulnerability in the classic sense to patch. The attacker is essentially exploiting the AI's helpfulness against itself — and against the organization that deployed it.

The LiteLLM angle adds another layer of concern. LiteLLM is a popular open-source proxy that organizations use to manage and route requests across different AI models. Researchers found that misconfigured LiteLLM deployments could hand over admin-level access, meaning the blast radius of a successful attack extends well beyond one user's inbox.

For enterprises that have been racing to deploy Copilot and similar AI tools across their workforce, this research is a reality check. The speed of AI adoption has consistently outpaced the security frameworks designed to govern it. Most organizations have mature policies around who can access what data. Very few have thought carefully about what their AI assistant is allowed to do with that same data on a user's behalf.

The fix is not to rip out Copilot. The fix is to treat AI tools with the same rigor applied to any other privileged system — limit what they can access, monitor what they actually do, and assume that anything capable of reading your email at scale is worth an adversary's attention. Because apparently, it is.
Source: VentureBeat
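
One way to put "limit what they can access, monitor what they actually do" into practice, shown as an added example that is not from the article, VentureBeat or Microsoft: a policy gate that sits between an assistant and its tools, marks a session once externally authored mail enters the model's context, and logs every decision. The tool names `search_mailbox` and `send_message`, the `corp.example` domain and the session model are assumptions made for illustration.

```python
from dataclasses import dataclass, field

SENSITIVE_TERMS = {"password", "confidential"}  # the keywords named in the article
TENANT_DOMAIN = "corp.example"                  # assumption: the organization's mail domain

@dataclass
class Session:
    user: str
    untrusted: list = field(default_factory=list)  # ids of external content in context
    audit: list = field(default_factory=list)      # one record per tool-call decision

def is_internal(address: str) -> bool:
    return address.lower().endswith("@" + TENANT_DOMAIN)

def ingest(session: Session, msg_id: str, sender: str) -> None:
    """Call whenever a message enters the model's context. Anyone can mail the
    user, so externally authored mail is data that may carry planted instructions."""
    if not is_internal(sender):
        session.untrusted.append(msg_id)

def authorize(session: Session, tool: str, args: dict) -> str:
    """Return 'allow', 'confirm' (ask the user first) or 'deny', and log it."""
    decision, reason = "allow", None
    if session.untrusted:
        words = set(args.get("query", "").lower().split())
        if tool == "send_message" and not is_internal(args.get("to", "")):
            decision, reason = "deny", "external send after reading untrusted mail"
        elif tool == "search_mailbox" and words & SENSITIVE_TERMS:
            decision, reason = "confirm", "sensitive search after reading untrusted mail"
    session.audit.append({"user": session.user, "tool": tool, "args": args,
                          "decision": decision, "reason": reason,
                          "untrusted": list(session.untrusted)})
    return decision

def demo() -> list:
    """Constructed session: a summarize request that pulls in one external email."""
    s = Session(user="alice@corp.example")
    out = [authorize(s, "search_mailbox", {"query": "quarterly report"})]
    ingest(s, "msg-001", "bob@corp.example")        # internal mail: no taint
    ingest(s, "msg-002", "sender@outside.example")  # external mail: taints the session
    out.append(authorize(s, "search_mailbox", {"query": "password reset"}))
    out.append(authorize(s, "send_message", {"to": "drop@outside.example"}))
    out.append(authorize(s, "send_message", {"to": "bob@corp.example"}))
    return out

if __name__ == "__main__":
    print(demo())  # ['allow', 'confirm', 'deny', 'allow']
```

Sender domain is a coarse trust signal, since an internal account can be compromised too; the audit list is what a monitoring pipeline would consume to review what the assistant actually attempted.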

Bold Last-Minute Satellite Rescue Mission Launches Against All Odds
SPACE

A startup that did not exist six years ago just launched a robotic spacecraft to catch a 20-year-old NASA telescope that is slowly falling out of the sky. If that sentence sounds like the premise of a prestige sci-fi film, the timeline makes it even harder to believe: from contract signing to launch, Katalyst Space Technologies had less than ten months.

The spacecraft in need of saving is Swift, a NASA observatory that has spent two decades hunting gamma-ray bursts — the most violent explosions the universe produces. Swift is genuinely irreplaceable in how it operates. It can pivot rapidly across the sky the moment it detects one of these events, alerting other observatories in near real time. Astronomers around the world have built entire research programs around its alerts. Losing it would leave a hole in the sky that nothing else currently fills.

The problem is straightforward and unforgiving. Swift launched in 2004 without onboard thrusters — a design decision that made sense at the time but left it with no way to maintain its orbit. Atmospheric drag has been slowly pulling it down ever since. That process has accelerated recently because the Sun has been unusually active, heating Earth's upper atmosphere and making it puffier, which in turn creates more drag on anything flying through it. Swift has dropped from about 363 miles above Earth at launch to roughly 225 miles today, and it is picking up speed on the way down.

NASA engineers put a hard deadline on the rescue: Swift needed to be serviced before it fell below 186 miles. Below that altitude, drag becomes too severe for a visiting spacecraft to safely operate near it. That window closes around October. The launch had to happen before the end of June.

Enter Katalyst. The Colorado-based startup was founded in 2020 with the explicit goal of building satellite servicing technology — essentially spacecraft mechanics that can work on other vehicles already in orbit. NASA put the call out to three companies last August asking whether any of them could pull this off. Katalyst came back with a plan that the agency's astrophysics director described as technically and programmatically plausible, which in NASA-speak is about as enthusiastic as it gets at that stage. A $30 million contract followed in September.

Katalyst's Link spacecraft carries three robotic arms designed to grab onto Swift — a satellite that was never built to be grabbed — and then fire its own thrusters to push the observatory back up to a safe operating altitude. The rendezvous and capture alone would be a first-of-its-kind operation.

Whether it works is still an open question. The launch happened, which is itself remarkable. But docking with a tumbling, uncooperative two-decade-old spacecraft in low orbit is the kind of thing that looks straightforward on a slide deck and humbling in practice. The astronomy community is watching closely.
Source: Ars Technica
