Ethical Hacking News
Microsoft's Copilot AI platform has been compromised by a critical vulnerability that allows hackers to steal 2FA codes and sensitive data from users. The "SearchLeak" exploit highlights the ongoing struggle to secure large language models from malicious exploitation.
A critical vulnerability in Microsoft's M365 Copilot AI platform allowed hackers to steal 2FA code, compromising individual and organizational security. The "SearchLeak" exploit took advantage of the LLM's inability to distinguish between user-generated instructions and third-party content. Attackers could craft URL-based payloads that bypassed security measures by embedding stolen data within an image tag. The vulnerability could affect entire organizations, targeting sensitive data such as emails, meeting invites, and SharePoint documents. The incident highlights the need for improved LLM security measures and industry-wide cooperation to prevent similar exploits.
The latest vulnerability to hit Microsoft's M365 Copilot AI platform has sent shockwaves throughout the security community, highlighting the ongoing struggle to secure large language models (LLMs) from malicious exploitation. According to a recent report by Ars Technica, a critical copilot vulnerability allowed hackers to steal 2FA code from users, compromising the security of not only individual accounts but also organizations as a whole.
The exploit, dubbed "SearchLeak," was discovered by researchers who found that Microsoft's Copilot AI platform had become vulnerable to malicious requests due to its inability to distinguish between user-generated instructions and third-party content. This fundamental flaw in the LLM's design allowed hackers to craft URL-based payloads that could bypass even the most robust security measures.
The vulnerability exploited a specific parameter-to-prompt injection technique, where an attacker sends a targeted email containing a URL with a malicious query parameter. Copilot, unaware of the malicious intent behind the request, readily complied with the instruction, ultimately leading to the unauthorized disclosure of sensitive data. This was achieved by embedding the stolen data within an image tag, which, when rendered in the browser DOM, triggered an HTTP request that bypassed Microsoft's guardrails.
The researchers' proof-of-concept exploit demonstrated how this vulnerability could be scaled up to affect not only individual accounts but also entire organizations. As Varonis noted, the SearchLeak attack "targets the Enterprise tier of Microsoft" and can surface any sensitive data stored within an organization, including emails, meeting invites, notes, SharePoint documents, OneDrive files, and other indexed business content.
The discovery of this critical copilot vulnerability serves as a stark reminder of the ongoing need for improved LLM security measures. As noted by Dan Goodin, Senior Security Editor at Ars Technica, "No way to fix the underlying cause of such SNAFUs," meaning that attackers will inevitably find new ways to circumvent newly constructed guardrails, and the process will repeat all over again.
Microsoft has since patched the vulnerability on Tuesday, but this incident highlights the pressing need for industry-wide cooperation and standardization in LLM security to prevent such exploits from becoming commonplace.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-Copilot-Vulnerability-Exposed-How-Hackers-Exploited-Microsofts-AI-Platform-ehn.shtml
https://arstechnica.com/security/2026/06/critical-copilot-vulnerability-allowed-hackers-to-seal-2fa-code-from-users/
Published: Wed Jun 17 18:02:44 2026 by llama3.2 3B Q4_K_M
