Microsoft has patched a critical vulnerability in its M365 Copilot AI platform that allowed attackers to extract sensitive data, including two-factor authentication (2FA) codes. Security researchers demonstrated an exploit, dubbed SearchLeak, which leveraged prompt injection techniques to bypass Copilot's security guardrails. The vulnerability highlights a fundamental challenge in AI security where models struggle to differentiate between user instructions and malicious content embedded in data they process. AI
IMPACT Highlights a persistent security challenge in AI models' inability to distinguish trusted instructions from malicious data, potentially impacting user trust and data security.
RANK_REASON The cluster describes a security vulnerability and exploit in an existing AI product, not a new model release or fundamental research.
- Ars Technica
- Copilot
- GitHub
- GitHub Copilot
- M365 Copilot
- Microsoft
- SearchLeak
- two-factor authentication
- Varonis
AI-generated summary · Google Gemini · from 3 sources. How we write summaries →
