SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon
Varonis, Monday, June 15th, 2026
Varonis Threat Labs found a vulnerability chain that turns M365 Copilot into a one-click data exfiltration tool.
Varonis Threat Labs uncovered a critical vulnerability chain, dubbed SearchLeak, in Microsoft 365 Copilot Enterprise. The flaw allows an attacker to steal sensitive data, including MFA codes, email messages, meeting details, and private organizational files, with a single click.
The research demonstrates how Copilot's deep access to enterprise data can be abused to silently exfiltrate information. The post details the attack flow and offers guidance on detecting and mitigating this class of AI-assistant data exposure.