A critical security flaw in Microsoft's Copilot AI assistant recently allowed attackers to intercept and steal two-factor authentication (2FA) codes from users, according to a report by Ars Technica. The vulnerability, dubbed "SearchLeak," underscores persistent and fundamental shortcomings in how the technology industry approaches security for large language models (LLMs).
The exploit enabled malicious actors to trick the Copilot tool into retrieving and exposing one-time passcodes delivered to a user via text message or an authenticator app — effectively bypassing a key layer of account security designed to protect user credentials. While the full technical details of the attack chain and the precise scope of affected users were not immediately disclosed, the core issue — an AI assistant leaking sensitive, real-time authentication data — represents a severe breach of user trust and security protocols.
The incident is not an isolated bug but a symptom of a broader, recurring failure. Security researchers have long warned that traditional software security models are poorly suited to LLMs, which process and synthesise vast amounts of data in ways that are inherently difficult to predict and contain. The SearchLeak exploit illustrates this challenge vividly: a tool designed to help users was weaponised to exfiltrate one of their most sensitive pieces of data.
The discovery raises urgent questions about the security vetting processes for AI features embedded in widely used productivity suites. It remains unclear who initially uncovered the SearchLeak vulnerability or what timeline exists for its full resolution. Microsoft had not issued a detailed public statement regarding the flaw at the time of writing, leaving the wider community to piece together the implications from disclosed technical details.
For IT professionals and the open-source community, the incident serves as a critical case study. It highlights the need for new security paradigms that account for the unique behaviours of AI systems — including their propensity to act on ambiguous or malicious prompts in unintended ways. The continuous cycle of uncovering high-impact flaws suggests that rapid deployment of AI features is outpacing rigorous, adversarial security testing.
As AI assistants become deeply embedded in everyday workflows, the attack surface for end users expands in novel and dangerous ways. The industry's challenge is no longer just about patching code — it is about fundamentally rethinking how to secure systems that learn, reason, and interact with user data in unpredictable manners.
根據 Ars Technica 的報告,微軟旗下 Copilot AI 助理近期存在一個嚴重安全漏洞,允許攻擊者截取並竊取用戶的雙重認證(2FA)驗證碼。這個被命名為「SearchLeak」的漏洞,凸顯科技產業在應對大型語言模型(LLM)安全問題上長期存在的根本性缺陷。
此漏洞利用手法使惡意行為者得以誘騙 Copilot 工具檢索並暴露透過簡訊或認證應用程式發送給用戶的一次性密碼——實質上繞過了旨在保護用戶憑證的關鍵帳戶安全層。儘管攻擊鏈的完整技術細節及受影響用戶的確切範圍尚未立即披露,但核心問題——AI 助理洩露敏感的即時認證數據——已構成對用戶信任和安全協議的嚴重破壞。
此事件並非孤立的程式錯誤,而是更廣泛且反覆出現的安全失靈的表徵。安全研究人員早已警告,傳統軟件安全模型並不適用於大型語言模型,因其處理與合成海量數據的方式本質上難以預測和控制。SearchLeak 漏洞利用手法生動地說明了這一挑戰:一個設計用於輔助用戶的工具,竟被武器化用來竊取用戶最敏感的數據之一。
此發現引發了關於嵌入式 AI 功能安全審查流程的迫切疑問——這些功能已廣泛存在於各類生產力套件中。目前尚不清楚是誰最初發現 SearchLeak 漏洞,亦不確定其全面修復的時間表。截至撰稿時,微軟尚未就該漏洞發表詳細公開聲明,外界社群只能根據已披露的技術細節拼湊事件全貌。
對 IT 專業人員及開源社群而言,此事件是一個關鍵案例研究。它凸顯了建立新安全範式的必要性——這些範式必須考量 AI 系統的獨特行為,包括其傾向於以非預期方式回應模糊或惡意提示的特質。持續發現高影響力漏洞的現象表明,AI 功能的快速部署已超越嚴謹且具對抗性的安全測試步伐。
隨著 AI 助理深度嵌入日常工作流程,終端用戶的攻擊面正以新穎且危險的方式擴大。產業面臨的挑戰不再僅僅是修補代碼,而是必須從根本上重新思考:如何保護那些以不可預測方式學習、推理並與用戶數據互動的系統。