A newly discovered vulnerability in Microsoft Copilot allowed attackers to extract two-factor authentication codes from users through a technique called SearchLeak, potentially bypassing critical security measures. The exploit highlights systemic weaknesses in how the industry approaches large language model security, and researchers indicate that it represents a recurring pattern of preventable flaws.
Why it matters: As enterprises deploy AI assistants with access to sensitive user data and authentication systems, this vulnerability demonstrates that current LLM security practices are inadequate—a warning sign for organizations relying on AI tools for secure operations.