Your Copilot data can be hijacked with a single click - here's how
ID: 5d921191-6837-5716-bc36-1c4d4f29f98c
STIX ID: report--5d921191-6837-5716-bc36-1c4d4f29f98c
Feed Name: ZDNet Security
**Reprompt** is a one-click attack described by Varonis that abuses the 'q' URL parameter in Microsoft Copilot to inject malicious prompts and chain repeated requests, enabling stealthy exfiltration of user-submitted data (including PII). Varonis published a PoC and disclosed the issue to Microsoft, which patched it before public disclosure. Varonis recommends treating URL and other external inputs as untrusted and adding safeguards against prompt chaining and repeated actions.
