
Exploiting Markdown Injection in AI agents: Microsoft Copilot Chat and Google Gemini

ID: 095f9a18-434f-52df-9bbe-3056634244a9

STIX ID: report--095f9a18-434f-52df-9bbe-3056634244a9

Feed Name: Checkmarx Zero

Threat Score: 70/100

Date Published: 2025-12-04

Date Updated: 2026-04-27

Author: Ori Ron


This research report details markdown injection attacks against AI agents (Microsoft Copilot Chat and Google Gemini) that enable exfiltration of sensitive information such as API keys, either zero-click (via image-rendering GET requests) or one-click (via malicious links). It demonstrates proof-of-concept exfiltration, analyzes impact and mitigations (Markdown sanitization, CSP), and documents vendor responses (Google: Won't Fix/Infeasible; Microsoft: acknowledged but classified as not a vulnerability).
