Patched Microsoft 365 Copilot 'SearchLeak' flaw enabled one-click data theft

Security researchers disclosed 'SearchLeak,' a critical three-stage attack that weaponized Microsoft 365 Copilot into a one-click data-exfiltration tool. The exploit chained hidden URLs and prompt-injection variables to coax Copilot into leaking sensitive enterprise data with minimal user interaction. Microsoft has since patched the vulnerability, but researchers framed it as proof that prompt injection via hidden content is now a practical, real-world exfiltration vector rather than a theoretical concern.

The attack mechanics matter for every enterprise deploying AI assistants over internal data: because Copilot operates with broad access to documents, email, and search across the Microsoft 365 estate, a single successful injection can turn a productivity tool into an insider-threat surface. The disclosure adds to a fast-growing class of AI prompt-injection issues and renewed calls for a shared security language and governance standards around LLM-integrated applications.

In a related signal, Microsoft has begun letting administrators uninstall Copilot — a notable concession to enterprise IT teams seeking control over AI deployment risk. SearchLeak lands in a week already charged with AI-security anxiety, from the Anthropic Fable jailbreak driving export controls to AWS WAF's new tools for managing AI bot traffic. Together they underscore that securing AI systems — not just building more capable ones — is becoming a board-level priority. Watch for further prompt-injection disclosures across other vendors' enterprise assistants.