Every Old Vulnerability Is Now an AI Vulnerability

Dark Reading, Apr 17, 2026

Why It Matters

CVE‑2026‑26144 shows that AI agents can turn medium‑severity flaws into high‑impact breaches, reshaping risk assessments for enterprise software. Ignoring this shift leaves critical data exposed to automated exfiltration.

Key Takeaways

  • CVE‑2026‑26144 lets Excel XSS hijack Copilot for data exfiltration
  • AI agents turn traditional bugs into privilege‑amplifying exploits
  • Block outbound traffic from AI‑enabled apps to curb exfiltration
  • Update CVSS scoring to reflect AI‑amplified risk

Pulse Analysis

The integration of generative AI assistants into everyday productivity suites has moved from novelty to necessity, with Microsoft’s Copilot now embedded in Office applications such as Excel. While these agents boost efficiency by interpreting data and generating insights, they also inherit the host application’s permission set, effectively blurring the line between user‑driven actions and autonomous code execution. Security teams that have long relied on classic vulnerability taxonomies—XSS, SQL injection, buffer overflow—are now confronted with a new attack surface where any flaw can be weaponized by an AI component. CVE‑2026‑26144 illustrates this shift.

The XSS bug triggers a script when a malicious Excel file is opened, but instead of stealing cookies, the script commandeers the Copilot Agent to read every cell and post the contents to an attacker‑controlled endpoint—all without user interaction or visible prompts. This “privilege amplification” turns a medium‑severity XSS into a full‑blown data‑exfiltration vector, expanding the blast radius to match the AI’s access rights. Traditional CVSS scoring, which measures exploit complexity and impact, fails to capture the autonomous capabilities introduced by the agent.

Enterprises must adapt their defenses. Immediate steps include patching the disclosed CVE, blocking outbound network traffic from AI‑enabled applications, and creating separate monitoring rules for AI‑initiated connections. Longer‑term strategies involve revising threat models to treat AI assistants as privileged components, updating vulnerability scoring frameworks to reflect AI amplification, and enforcing granular permission controls on agentic features. As more vendors embed AI agents, the pattern identified by Nik Kale will repeat, making AI‑amplified exploits a standard consideration for risk management and compliance programs.
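
One way to express the "separate monitoring rules" step, as an added example that is not from the article or from any vendor: a triage pass over egress-proxy records that flags outbound requests from AI-enabled Office processes to hosts outside an allowlist. The log schema, the process list and the `approved-ai.example` allowlist are assumptions, and the sample records are constructed.

```python
import json
from urllib.parse import urlsplit

# Assumptions (not from the article): process names, allowlist, log schema.
AI_ENABLED_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
ALLOWED_DOMAINS = {"approved-ai.example"}  # placeholder for sanctioned endpoints

# Constructed sample egress-proxy records, one JSON object per line.
SAMPLE_LOG = """\
{"host":"wks-01","process":"EXCEL.EXE","method":"POST","url":"https://api.approved-ai.example/v1/chat","bytes_out":2048}
{"host":"wks-01","process":"EXCEL.EXE","method":"POST","url":"https://collector.unknown.example/upload","bytes_out":734003}
{"host":"wks-02","process":"chrome.exe","method":"POST","url":"https://collector.unknown.example/upload","bytes_out":512}
{"host":"wks-03","process":"WINWORD.EXE","method":"GET","url":"https://approved-ai.example.unknown.example/x","bytes_out":300}
{"host":"wks-04","process":"EXCEL.EXE","method":"POST","url":"https://notapproved-ai.example/","bytes_out":90}
this line is truncated {"host":
"""

def is_allowed(hostname):
    """Match the domain itself or a true subdomain, never a bare suffix."""
    hostname = (hostname or "").lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d) for d in ALLOWED_DOMAINS)

def triage(log_text):
    """Return (findings, unparsed) for egress from AI-enabled apps."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            proc = rec["process"].lower()
            dest = urlsplit(rec["url"]).hostname
        except (ValueError, KeyError, AttributeError, TypeError):
            unparsed += 1  # surface parse gaps instead of hiding them
            continue
        if proc not in AI_ENABLED_APPS or is_allowed(dest):
            continue
        findings.append({
            "host": rec.get("host"), "process": proc, "dest": dest,
            "action": "block",
            # An upload to an unapproved host is the exfiltration shape.
            "severity": "high" if rec.get("method") == "POST" else "medium",
        })
    return findings, unparsed

if __name__ == "__main__":
    hits, bad = triage(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("unparsed records:", bad)
```

The allowlist check compares on a label boundary, so look-alike hosts such as `notapproved-ai.example` and `approved-ai.example.unknown.example` are still flagged.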
