Critical Copilot vulnerability allowed hackers to steal 2FA code from users #AI https://arstechnica.com/security/2026/06/critical-copilot-vulnerability-allowe
Microsoft has patched a critical vulnerability in its M365 Copilot AI platform that allowed attackers to extract sensitive data, including two-factor authentication (2FA) codes. Security researchers demonstrated an exploit, dubbed SearchLeak, which leveraged prompt injection techniques to bypass Copilot's security guardrails. The vulnerability highlights a fundamental challenge in AI security where models struggle to differentiate between user instructions and malicious content embedded in data they process.
IMPACT: Highlights a persistent security challenge, the inability of AI models to distinguish trusted instructions from malicious data, potentially impacting user trust and data security.