Copilot vulnerability exposed 2FA codes

A critical vulnerability in Microsoft Copilot, dubbed SearchLeak, has been discovered, allowing malicious actors to steal two-factor authentication (2FA) codes from users. This exploit highlights significant security flaws in the current industry approach to large language model (LLM) security. The vulnerability leverages how LLMs process search queries, potentially exposing sensitive user data and compromising account security. This incident underscores the urgent need for more robust security measures in AI-powered tools to prevent widespread data breaches and protect user credentials from sophisticated cyber threats.