🚨 One Click, No Typing: How SearchLeak Weaponized Microsoft 365 Copilot

Imagine this: You receive a link to a document on a trusted microsoft.com domain. You click it, the familiar Microsoft 365 interface loads, and... that’s it. You didn’t type a word. You didn’t authorize a new app. But behind the scenes, your AI assistant just scoured your emails, grabbed your latest MFA codes, and sent them to an attacker.

Welcome to SearchLeak (tracked as CVE-2026-42824).

This isn't just another prompt injection bug. It’s a masterclass in how "legacy" web vulnerabilities, like race conditions and CSP bypasses, can be chain-linked with AI to create something truly dangerous.

Let’s break down the three stages of this attack and what it teaches us about building secure AI agents.

Stage 1: The Parameter-to-Prompt (P2P) Injection