The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
Originally published at darkreading.com
SecurityAI-assisted1 min read
Copilot 'SearchLeak' Attack Allows 1-Click Data Theft
A critical three-stage 'SearchLeak' attack vulnerability in Microsoft Copilot has been patched that enabled one-click data theft through AI prompt-injection techniques. The attack exploited hidden URLs and other variables to extract sensitive information, representing an emerging class of security threats targeting AI-powered enterprise tools.
▸ Want a deeper look?
Talk to an architect about applying this to your stack.
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
▸ Continue reading
