← Back to Home
June 22, 2026

AI Tools Are Building and Breaking Your Security Simultaneously

AI Security Flaw Let Microsoft Copilot Silently Raid Your Mailbox
SECURITY

AI Security Flaw Let Microsoft Copilot Silently Raid Your Mailbox

Here is the part that should make you put down your coffee: a vulnerability in Microsoft Copilot allowed attackers to search through your email without you ever knowing they were there. Not a phishing link, not a sketchy download — just a flaw baked into an AI assistant that millions of enterprise workers use every single day.

The attack worked through a technique called prompt injection, where malicious instructions get buried inside content the AI reads — think a carefully crafted email or document — and the AI dutifully follows those instructions as if they came from you. In Copilot's case, researchers found the AI could be manipulated into quietly querying a user's mailbox and passing sensitive information back to whoever planted the trap. Silent, fast, and requiring almost no technical sophistication from the attacker.

What makes this particularly uncomfortable is the trust model we have built around these tools. Copilot is marketed as a productivity assistant, something sitting inside your workflow with deep access to your calendar, your emails, your files. That level of access is exactly what makes it useful — and exactly what makes a vulnerability like this so consequential. You are not just exposing a browser tab. You are potentially exposing the entire operational layer of your professional life.

The involvement of LiteLLM, a popular open-source library used to connect applications to large language models, adds another wrinkle. Security researchers found that misconfigured deployments could grant attackers admin-level privileges, turning what should be a productivity layer into an open door. LiteLLM is widely used across enterprise AI tooling, which means this is not purely a Microsoft problem — it is a signal about how the broader ecosystem of AI middleware is being secured, or rather, not secured.

Microsoft has since addressed the specific vulnerability, and to be fair, the company has invested significantly in AI safety research. But the patch is almost beside the point. What this episode reveals is a structural challenge: AI assistants need broad permissions to do their jobs, and broad permissions create broad attack surfaces. Every new capability you grant your AI tool is a new vector someone else might try to exploit.

Enterprise security teams are already stretched thin keeping up with conventional threats. Now they have to think about how a well-timed malicious email could essentially reprogram their employees' AI assistants mid-session. That is a genuinely new category of risk, and most organizations do not yet have a playbook for it.

The lesson here is not to stop using AI tools. It is to stop treating them like calculators. They are more like junior employees with master keys — incredibly useful, but only as trustworthy as the systems built around them.
Source: VentureBeat
Vibe Coding Is Fun Until a Hidden SQL Flaw Goes Live
SECURITY

Vibe Coding Is Fun Until a Hidden SQL Flaw Goes Live

Bob Starr built a website in an afternoon and launched it immediately. Months passed before he discovered it had been sitting online with a SQL injection vulnerability the entire time — the kind of flaw that could have let a stranger read or rewrite his database without breaking a sweat. He fixed it, but the window had been open for anyone who looked.

Starr is not a rogue developer cutting corners. He is a project manager in the tech industry who used AI coding tools to build something he thought was harmless. That is precisely the profile of person vibe coding was designed to empower, and precisely the profile of person who is now learning that building software and securing software are two entirely different skills.

Vibe coding — the practice of using AI assistants to generate functional applications through conversational prompts — has genuinely democratized software creation. You no longer need years of programming experience to ship something that works. The problem is that security was never really part of the vibe. AI tools are very good at generating code that runs. They are considerably less reliable at generating code that holds up when someone actively tries to break it.

The horror stories are multiplying. One founder watched an AI coding agent wipe his company's production database. Another developer built a private demo app that got hacked so quickly he now just shares his screen over video calls instead. These are not edge cases — they are the natural consequence of lowering the barrier to deployment without lowering the barrier to exploitation.

The security risk scales with the data involved. A personal app tracking your daily coffee intake living on your local machine is basically a non-issue. But the moment that same casual development approach gets applied to something storing customer records, medical information, or internal business documents, the stakes change entirely. And the uncomfortable truth is that a lot of vibe-coded projects drift in that direction without anyone consciously deciding to make that leap.

Researchers at cybersecurity firms are watching this closely, and the core concern is not that amateurs are writing software. Democratizing creation is genuinely good. The concern is that AI also dramatically lowers the cost and complexity of attacking software. The same technology helping Starr build his site is available to the people who would want to break into it.

The fix is not to make vibe coding harder or to gatekeep who gets to ship software. It is to build security review into the process before anything touches real user data — not as an afterthought, and definitely not months after launch. The tools that make building easy need to start making security review equally easy, because right now there is a widening gap between how fast people can ship and how fast they can think through what they just shipped.
Source: The Verge

Enjoyed this?

Get stories like this delivered every Tuesday — free.