Researchers have exploited a vulnerability in Microsoft’s Copilot Studio tool allowing them to make external HTTP requests that can access sensitive information regarding internal services within a cloud environment — with potential impact across multiple tenants.