SearchLeak: protecting your data in Microsoft 365 Copilot
15.06.2026 Security


The SearchLeak flaw allows stealing corporate data via Copilot 365 with a single click. Here’s how to protect your SMB right now.

Microsoft 365 Copilot is now used by many SMBs to boost productivity. But a critical flaw discovered in June 2026, called SearchLeak, shows that AI can also become an entry point for cybercriminals. Here’s what you need to know and, more importantly, what you need to do.

A critical vulnerability at the heart of Copilot 365

The SearchLeak flaw affects Microsoft 365 Copilot Enterprise — the professional edition integrated into your Microsoft 365 tenant. It allows an attacker, via a specially crafted URL, to abuse Copilot to access a targeted user’s sensitive data: their mailbox, OneDrive files or SharePoint documents.

All of this with a single click by the victim. No stolen password, no malware installed on the device. The attack leverages Copilot’s search and information-processing functions, repurposed from their normal use.

The good news: Microsoft has been notified and is working on a fix. The bad news: as long as your tenant is not up to date, the risk is real.


How the SearchLeak attack works

SearchLeak exploits a chain of vulnerabilities in how Copilot 365 processes requests and accesses your organisation’s resources. By sending a poisoned link to a user signed in to Copilot, an attacker can trigger a silent request that extracts confidential emails, contracts or HR data.

The attack vector is particularly insidious: it uses legitimate channels (Teams, e-mail, shared links) and generates no visible alert for the user. This is known as an indirect prompt injection attack: Copilot is manipulated into executing hidden instructions contained in content it reads.

For an SMB whose customer, financial or HR data flows through Microsoft 365, the potential impact is significant.

The data most exposed in your SMB

The resources accessible via Copilot 365 are the same ones most sought after by attackers:

  • Exchange mailbox: quotes, contracts, exchanges with customers and suppliers
  • Work OneDrive: strategic documents, financial reports, HR files
  • SharePoint: internal knowledge bases, procedures, operational manuals

The more privileges a user has in your tenant, the greater the impact of a SearchLeak exploitation. Administrative accounts and senior management are therefore priority targets.

What this means for your SMB

  • Apply Microsoft 365 updates immediately: check in the Microsoft 365 admin centre that your tenant is up to date and that the Copilot-related patches are applied.
  • Limit Copilot access rights to the bare minimum: audit each Copilot user’s permissions. A salesperson does not need access to HR data via Copilot. Apply the principle of least privilege.
  • Raise staff awareness about suspicious links: the attack requires a click on a poisoned link. Remind your teams never to click an unexpected link, even if it appears to come from a colleague.
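A practical starting point for the permission audit above, added here as an example and not taken from the article: list every Copilot-licensed user and flag those who also hold an Entra ID directory role, since the article singles out administrative accounts as the highest-impact targets. It assumes the Microsoft Graph PowerShell module and that the Copilot licence's SKU part number is "Microsoft_365_Copilot" (confirm with Get-MgSubscribedSku in your tenant).

```powershell
# Added example (not the article's or Microsoft's code): find Copilot-licensed
# users who also hold a directory role, so they can be reviewed first under
# the principle of least privilege.
Connect-MgGraph -Scopes "User.Read.All","Directory.Read.All","RoleManagement.Read.Directory"

# Assumption: adjust if Get-MgSubscribedSku shows a different SkuPartNumber
$copilotSku = "Microsoft_365_Copilot"

# Map user object id -> names of the activated directory roles the user holds
$rolesByUser = @{}
foreach ($role in Get-MgDirectoryRole -All) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        if (-not $rolesByUser.ContainsKey($member.Id)) { $rolesByUser[$member.Id] = @() }
        $rolesByUser[$member.Id] += $role.DisplayName
    }
}

# Walk enabled users and keep only those with a Copilot licence assigned
$report = foreach ($user in Get-MgUser -All -Filter "accountEnabled eq true" `
                                -Property Id,UserPrincipalName,DisplayName) {
    $licences  = Get-MgUserLicenseDetail -UserId $user.Id
    $hasCopilot = @($licences | Where-Object { $_.SkuPartNumber -eq $copilotSku }).Count -gt 0
    if ($hasCopilot) {
        [pscustomobject]@{
            User       = $user.UserPrincipalName
            Name       = $user.DisplayName
            # Empty when the user holds no directory role
            AdminRoles = ($rolesByUser[$user.Id] -join "; ")
        }
    }
}

# Privileged Copilot users first: these accounts are the ones to restrict or
# protect (separate admin identities, conditional access) before anyone else
$report |
    Sort-Object { [string]::IsNullOrEmpty($_.AdminRoles) }, User |
    Format-Table -AutoSize
```

Users that appear with a non-empty AdminRoles column combine Copilot's reach over mailbox, OneDrive and SharePoint with tenant-level privileges, which is exactly the combination the article warns about.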

Do you want to audit Copilot 365 configuration in your organisation and ensure your data is protected? Contact our Axentys experts.
