MICROSOFT recently patched a critical vulnerability in its M365 Copilot AI platform, which allowed hackers to extract two-factor authentication (2FA) codes and other sensitive data from user emails. Researchers from Varonis demonstrated a proof-of-concept exploit called 'SearchLeak' that circumvented existing guardrails by utilizing a Parameter-to-Prompt Injection technique through specially crafted URLs.
This method enabled attackers to access sensitive information from emails and other organizational data simply by having the victim click a link. Despite Microsoft's fix for the vulnerability, the inherent challenges of safeguarding AI systems against such exploits remain, leaving the potential for further attacks as attackers adapt to new defenses.