AI agents leak secrets through messaging app link previews

Feb 2026

PromptArmor demonstrated that AI agents in messaging platforms can exfiltrate sensitive data without any user interaction. Malicious prompts trick AI agents into generating URLs with embedded secrets (API keys, credentials), and the messaging platform's automatic link preview feature fetches these URLs, completing the exfiltration before the user even sees the message. Microsoft Teams with Copilot Studio was the most affected, with Discord, Slack, Telegram, and Snapchat also vulnerable.

Incident Details

Perpetrator:AI agent platform

Severity:Facepalm

Blast Radius:Organizations using AI agents in messaging platforms; API keys, credentials, and sensitive data exfiltrable without user clicks across Microsoft Teams, Discord, Slack, Telegram, and Snapchat

Tech Stack

Microsoft Copilot StudioMicrosoft TeamsDiscordSlackTelegram

References

The Register: AI Agents Can Leak Data Through Messaging App Link Previews ↗The Hacker News: ThreatsDay Bulletin -- AI Prompt RCE, Claude 0-Click, and 25+ Stories ↗