{"data":{"id":"f84f9565-be1e-4abf-b5c1-08b6d7fe4baf","title":"Copilot 'SearchLeak' Attack Allows 1-Click Data Theft","summary":"A critical three-stage attack called 'SearchLeak' could allow attackers to steal data from Microsoft Copilot with just one click by exploiting prompt injection (tricking an AI by hiding instructions in its input) through hidden URLs and other hidden variables. This attack is part of a larger category of security issues affecting AI systems that use similar injection techniques. The vulnerability has already been patched.","solution":"The attack has been patched, though the source does not specify the patch version or detailed remediation steps.","labels":["security"],"sourceUrl":"https://www.darkreading.com/application-security/copilot-searchleak-attack-1-click-data-theft","publishedAt":"2026-06-15T19:27:48.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft Copilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-15T19:27:48.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}