A critical security vulnerability in Microsoft Copilot allowed attackers to steal two-factor authentication codes from users, according to Ars Technica. The exploit, dubbed "SearchLeak" by researchers, highlights what Ars Technica describes as a repeating failure in how the industry approaches security for large language model-based tools.
Two-factor authentication — the second step that sends a code to your phone or email when you log in — is widely considered one of the most reliable defenses against account takeovers. A flaw that lets an attacker intercept those codes effectively neutralizes that protection entirely, potentially allowing full account access even when a password has not been compromised.
The vulnerability falls into a category of AI-specific attacks that exploit how LLMs process and retrieve information, rather than targeting traditional software weaknesses like unpatched code or misconfigured servers. As AI assistants like Copilot are woven deeper into workplace tools — reading emails, searching files, summarizing documents — they also gain access to sensitive data that can be manipulated or exfiltrated if the underlying model is tricked.
Microsoft has not yet issued a public statement on the record, based on available sourcing. Ars Technica's framing of the issue as a systemic industry problem, not just a one-off Microsoft slip, suggests researchers believe similar weaknesses likely exist in competing AI assistant products.
This matters because millions of people and businesses now rely on AI copilots to handle sensitive workflows — and this case shows that securing those tools requires an entirely different playbook than traditional software security.