BREAKING
Critical Copilot Search Flaw Patched
0
bugs
chained flaws
0
click
to exploit
0
known attacks
How SearchLeak Worked
1
Prompt in URL 'q' param
↓
2
HTML render race
↓
3
SSRF via Bing proxy
New Vector vs Old Bugs
AI-specific
new
●
Prompt injection
●
Trusted-input abuse
Classic flaws
old
●
SSRF
●
Rendering race
Fixed Server-Side, June 2026
AI Agents, A New Attack Surface
AI NEWS BLITZ
A critical flaw in Microsoft 365 Copilot Search risked one-click data theft.