Critical Vulnerability in Microsoft 365 Copilot Enabled One-Click Data Theft

Quick answer

A critical vulnerability named SearchLeak was discovered in Microsoft 365 Copilot Enterprise, allowing attackers to steal data from emails, OneDrive, and SharePoint via malicious URLs.

Cybersecurity researchers uncovered a critical vulnerability in Microsoft 365 Copilot Enterprise that could turn the AI assistant into a data theft tool. Dubbed SearchLeak, the flaw allowed attackers to access sensitive information from victims' emails, OneDrive, and SharePoint via a specially crafted URL.

The issue stemmed from improper handling of search queries within Copilot. Attackers could create a link that automatically triggered internal data searches, bypassing standard security mechanisms. The attack required just one click from the user, after which data was transmitted to a server controlled by the attacker.

Microsoft responded swiftly to the researchers' report by releasing a patch to address the vulnerability. However, experts emphasize that such incidents highlight growing risks associated with AI system integration into corporate workflows. Vulnerabilities in natural language processing mechanisms could become new entry points for cyberattacks.

Organizations using Microsoft 365 Copilot Enterprise are advised to conduct a security audit and check their systems for suspicious activity. Access logs for email and cloud storage deserve special attention, and additional monitoring tools should be configured for AI assistants.

Common questions

What is the SearchLeak vulnerability in Microsoft 365 Copilot?
SearchLeak is a vulnerability chain enabling attackers to steal corporate data from Microsoft accounts via a malicious link. The flaw affected the AI assistant's search and query processing mechanisms.

Which data types were at risk?
The vulnerability granted access to email contents, OneDrive files, and SharePoint documents. Attackers could extract confidential information without user awareness.

How can organizations protect against such attacks?
Microsoft has patched the vulnerability, but experts recommend updating software, enabling multi-factor authentication, and monitoring suspicious activity in corporate accounts.

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: BleepingComputer