cve-2026-42824 (1)

A novel Microsoft Copilot attack that researchers named "SearchLeak" would have enabled an attacker to silently exfiltrate user files, including emails, meeting notes, OneDrive files, SharePoint documents, and other business files the user has access to. Varonis Threat Labs recently detailed the three-stage vulnerability, which is an instance of a relatively unknown subset of indirect prompt-injection attacks called parameter-to-prompt injection (P2P), a class that needs to be on defenders' radar screens.[1]

Ho