A recent proof-of-concept attack against Microsoft’s M365 Copilot Enterprise highlights what could be a much broader prompt injection threat based on a common way many AI-enhanced web services operate.
Dubbed SearchLeak, the attack hinged on a typical malicious objective: to leak sensitive corporate data by tricking employees to click on specially crafted links.
To carry out the attack, researchers combined three weaknesses in the Copilot Enterprise Search implementation — one of which stands out as a potential issue in other AI-enabled applications as well. Microsoft, which rated the information disclosure flaw as critical, patched the vulnerability on the server side earlier this month, bu...