Microsoft patches critical Copilot vulnerabilities that enabled silent data exfiltration (opens in new tab)

Security researchers recently identified critical vulnerabilities in Microsoft 365 Copilot that allowed attackers to exfiltrate sensitive organizational data. These exploits, known as SearchLeak and EchoLeak, utilized prompt injection techniques to bypass standard security boundaries without requiring user interaction. The flaws targeted the enterprise tier of the service, potentially exposing any information the AI could access within a tenant's environment. <a href="