Published: · Region: Global · Category: cyber

CONTEXT IMAGE
American multinational technology company
Context image; not from the reported event. Photo via Wikimedia Commons / Wikipedia: Microsoft

Microsoft 365 Copilot Flaws Expose Corporate Emails and One-Time Codes in One Click

Security researchers chained three bugs in Microsoft 365 Copilot’s enterprise search to pull emails, calendar entries, indexed files, and even one-time passcodes from targeted accounts. The attack needed just one click on a trusted Microsoft link, turning a flagship AI productivity tool into a high‑value espionage risk for governments and companies.

A set of vulnerabilities in Microsoft’s flagship AI assistant for business has revealed how quickly productivity tools can become intelligence tools — for the wrong side. Security researchers have disclosed that three chained flaws in Microsoft 365 Copilot Enterprise Search allowed an attacker, with a single trusted link, to siphon off sensitive corporate data including emails, calendars, indexed files and one-time authentication codes.

According to the researchers’ public description, the exploit did not rely on classic phishing tricks such as fake login pages or obvious credential theft. Instead, it leveraged how Copilot’s enterprise search function handles internal Microsoft links and authorization flows. One carefully crafted link, presented as legitimate Microsoft content, was enough to trigger Copilot into retrieving and exposing data from the victim’s environment that should have remained shielded behind corporate access controls.

The kinds of information exposed go to the heart of corporate and governmental operations: email correspondence between executives and partners; calendar entries that can reveal travel plans, internal meetings or negotiations; documents and files indexed by the enterprise; and critically, one-time codes that some organizations use as part of multi-factor authentication. In the wrong hands, that data is a roadmap for espionage, social engineering and follow-on intrusions.

For employees, the risk is unnervingly simple: clicking on what looks like a standard Microsoft link — something they have been trained for years to treat as safe — could have opened a window into their entire digital work life without any obvious sign something was wrong. Attackers would not need victims to type passwords into a bogus site or approve suspicious prompts; the AI system itself became the broker of access.

At the operational level, this kind of flaw challenges core assumptions about "zero trust" and internal segmentation. Many organizations have begun to centralize knowledge and documents into AI-augmented search tools on the promise of efficiency. That consolidation means a breach of the AI layer can act as a breach of everything it can see. An adversary that compromises a single Copilot session might not just read one mailbox but pivot across projects, departments and even subsidiaries, depending on how permissions are mapped.

For intelligence and defense communities, the implications extend beyond corporate IP theft. Governments are also experimenting with AI assistants to summarize cables, search classified repositories, and help staff manage workload. The Microsoft 365 Copilot flaws, while disclosed in an enterprise context, are a warning shot: a misconfigured or vulnerable AI layer tied into sensitive networks can quietly exfiltrate material at the speed of a search query.

The broader pattern is that AI-powered platforms are collapsing traditional lines between application, identity, and data — and attackers are adapting just as quickly. An exploit that once would have required multiple stages of phishing, credential harvesting and lateral movement can now, in some cases, be reduced to persuading a target to open a single link in the right environment. The risk is no longer theoretical; researchers have demonstrated it step by step.

The standout insight from this episode is blunt: when an AI assistant can see across your organization, any flaw in that assistant becomes a single point of strategic failure. Protecting that layer is no longer a convenience issue; it is a matter of corporate survival and, for some, national security.

What to watch next will be how quickly Microsoft patches and hardens Copilot’s authorization and search boundaries, whether regulators or data protection authorities demand disclosures from affected customers, and how other vendors audit their own AI integrations for similar cross-domain access risks. Security teams will also be reassessing training and access policies, knowing that "don’t click suspicious links" is no longer enough guidance when the danger can hide behind a familiar logo.

Sources

Related Coverage

GLOBAL

Popular WordPress Plugins Hit by Supply‑Chain Backdoor, Exposing Millions of Sites

Attackers tampered with JavaScript used by three widely deployed WordPress tools — PushEngage, OptinMonster and TrustPulse — planting hidden backdoors that could create rogue admin accounts and web shells. With more than 1.2 million sites running the plugins, the incident shows how a single compromised script in the supply chain can put publishers, businesses and readers at risk.
FORECAST

Oil Benchmarks Extend Selloff as Hormuz Flows Resume Despite Isolated Attack

Global · 24h
FORECAST

Global Risk-On Rally Broadens as Middle East War Premium Unwinds and Tech Exuberance Builds

Global · 7d
GLOBAL

France’s Macron to Co‑Lead Hormuz Security Mission as G7 Eyes Energy Chokepoint

Emmanuel Macron says France will pilot a new security mission in the Strait of Hormuz alongside Britain and expects G7 leaders to seal a deal on rare earths and critical minerals. The twin moves put Paris at the center of efforts to protect a vital oil chokepoint and loosen Western dependence on China‑linked supply chains.
FLASH

FLASH: Trump–Iran Pact Starts Hormuz Reopening, Eases War Risk but Leaves Israel–Lebanon Front Hot

Trump and Iranian officials have electronically signed a U.S.–Iran memorandum that begins lifting the U.S. naval blockade of the Strait of Hormuz, with Trump saying the waterway is already partially open and will be fully free-sailing and toll-free by Friday. U.S. officials signal sanctions relief and unfreezing of Iranian funds while stressing Israel is not required to withdraw from Lebanon, locking in an energy and markets windfall for Tehran without de-escalating the Israel–Hezbollah battlefield.
FLASH

US–Iran MoU Signed; Hormuz Reopening, Sanctions Relief Signaled

The US and Iran have electronically signed an MoU, with Trump stating the Strait of Hormuz is partially open now and will be fully open by Friday, while senior US officials signal sanctions relief and release of frozen Iranian funds. This points to a rapid normalization of Iranian crude exports and removal of the Hormuz disruption risk premium, pressuring oil benchmarks lower and easing broader Middle East risk pricing.