Meet SearchLeak, the one-click Microsoft Copilot attack
The Varonis Threat Labs team found a critical one-click exploit named SearchLeak that turns Microsoft Copilot into a silent data-stealing weapon. The three-stage attack combines older and newer techniques that, chained together, steal sensitive information.
As debate continues over Fable and Mythos restrictions, SearchLeak shows how AI can create and expose novel on-ramps into enterprise systems and quietly leak critical information.
SearchLeak follows our discovery of a dangerous Microsoft Copilot Personal vulnerability, Reprompt, in January.
The Varonis Threat Labs team have worked hand in hand with Microsoft to responsibly disclose SearchLeak. They gave it a max severity level of “critical” and assigned it CVE-2026-42824. We have just been cleared by Microsoft to publish.
Watch an expert walk through the attack in this short video: https://varonis.wistia.com/s/z5q0yct8vxwi7gt and read the full report here: https://www.varonis.com/blog/searchleak
This entry was posted on June 18, 2026 at 12:17 pm and is filed under Commentary with tags Varonis.