{"data":{"id":"11874cd0-3da1-4811-8904-79351500d89a","title":"M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger","summary":"SearchLeak is a prompt injection attack (tricking an AI by hiding malicious instructions in its input) that exploits Microsoft's M365 Copilot Enterprise Search by using specially crafted URLs to leak sensitive corporate data like emails, documents, and meeting notes. The attack works because Copilot Search accepts natural language prompts in URL parameters (the ?q=[query] part of web addresses), creating a new security weakness called parameter-to-prompt injection that could affect other AI-powered web services too. Microsoft patched the vulnerability on its servers, but the attack reveals a broader risk: AI services with broad access to corporate assets are vulnerable to this type of data theft.","solution":"Microsoft rated the information disclosure flaw as critical and patched the vulnerability on the server side earlier in the month the article was published.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4186970/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger.html","publishedAt":"2026-06-19T07:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Copilot Enterprise","Microsoft M365 Copilot","ChatGPT","Perplexity Comet"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-19T07:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}