M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger
Summary
A proof-of-concept attack named SearchLeak has demonstrated a significant prompt injection vulnerability in Microsoft 365 Copilot Enterprise. This attack exploits how Copilot Search handles URL parameters, allowing them to be used as natural language prompts to exfiltrate sensitive corporate data that the user has access to.
IFF Assessment
This vulnerability allows for sensitive corporate data exfiltration, posing a direct threat to defenders.
Severity
The attack leverages a critical information disclosure flaw by exploiting prompt injection via URL parameters, leading to unauthorized access to sensitive corporate data. This suggests a high impact on confidentiality and a moderate attack complexity.
Defender Context
This attack highlights a new attack surface in AI-enhanced services where traditional URL parameters can be weaponized for prompt injection. Defenders should be vigilant about how AI tools access and process data, and scrutinize external links for potential prompt injection vectors, especially when AI services are integrated with sensitive corporate resources.