Critical Copilot Vulnerability Let Hackers Steal 2FA Codes from Users
Ars Technica AI · 2 days ago · Incident
A critical vulnerability in Microsoft Copilot, named SearchLeak, allowed malicious actors to steal two-factor authentication codes from users — among the most sensitive short-lived credentials in any security workflow. The exploit exposes a recurring weakness in LLM-integrated products: AI assistants with broad data access create novel attack surfaces that conventional security models fail to contain. Ars Technica frames the incident as evidence of the AI industry's persistent, systemic inability to get ahead of LLM-specific security threats.