A Customer Service AI Agent Spits Out Complete Salesforce Records in an Attack by Security Researchers - CX Today

Security researchers demonstrated a prompt injection attack against an AI agent built on Microsoft Copilot Studio, enabling it to reveal private knowledge and complete Salesforce CRM records without human verification. Although Microsoft patched the specific vulnerability, Zenity warns that thousands of public-facing AI agents remain susceptible to similar "agent aijacking" attacks.