Researchers at Varonis disclosed a now-patched flaw in Microsoft 365 Copilot Enterprise Search that could have let an attacker silently steal data with a single click. Microsoft has fixed it on its side — but it's a useful warning about AI assistants in the workplace.
What happened
Dubbed "SearchLeak" (tracked as CVE-2026-42824), the technique chained three weaknesses together. A specially crafted link pointing to a genuine microsoft.com address could feed hidden instructions to Copilot, which would then search the victim's mailbox and quietly send data out through a trusted Microsoft service — slipping past normal anti-phishing and content-security defences. Because Copilot can reach whatever the signed-in user can, the potential haul included emails, calendar entries, SharePoint and OneDrive files, and even one-time MFA codes. Importantly, this was a proof-of-concept by researchers, with no sign it was used in the wild, and Microsoft fixed it server-side — so customers don't need to do anything for this specific bug.
Why it matters to you
AI assistants are being wired into the tools we use daily, and they inherit the user's access to company data. That makes them powerful — and a tempting new target. The fix here closed one flaw, but the broader class of "trick the AI into leaking data" risks isn't going away.
What to do
- Govern what AI can see. Limit the data Copilot (or any AI tool) indexes, and review file and mailbox permissions so the AI can't reach more than it should.
- Keep tenant access tidy with regular permission reviews.
- Treat AI as part of your attack surface, not a magic box — include it in your security thinking.
Worried about how any of this applies to your organisation? Get in touch and we'll talk it through — no jargon, no pressure.