Microsoft patched CVE-2026-26133 on March 11, 2026 — a cross-prompt injection vulnerability in Copilot’s email and Teams summarization that let attackers shape what your AI told you, without a single attachment or macro. The specific exploit is closed. But the attack exposed something a patch alone cannot fix: Copilot trusts the content it reads, and in a misconfigured tenant, that trust is a liability. Here is what happened, why it matters beyond the CVE, and what admins should actually do about it.