Researchers at security firm Varonis demonstrated a proof-of-concept attack on Microsoft 365 that uses Copilot Enterprise Search as an unwitting insider to potentially steal sensitive information from emails, OneDrive or SharePoint. The vulnerability, named SearchLeak, chains together three separate types of bug, triggered by a single click on a legitimate-looking Microsoft link, requiring no authentication bypass, privilege escalation or malware. Copilot Enterprise Search blindly executes instructions hidden in the query string as prompts, accessing user data across the M365 ecosystem. By inducing an HTML race condition, researchers forced Copilot to act on a malicious prompt before output sanitisation, embedding the output in <img> tags. The third link, server-side request forgery (SSRF), uses Bing’s default permissions to fetch the supposed image from an attacker-controlled server. "The result: a victim in a Copilot Enterprise tenant clicks a link → Copilot searches their mailbox, calendar, and indexed organisational content → the data ends up on the attacker's server," Varonis researchers explained. Microsoft has now fixed the vulnerability server-side, but security teams are advised to monitor for suspicious Copilot Search URLs and revisit allowlists.