Security researchers at Varonis Threat Labs have disclosed a one-click flaw in Microsoft 365 Copilot Enterprise Search that could quietly pull emails, calendar entries, OneDrive and SharePoint files — and even live one-time MFA codes — out of a victim’s account. Dubbed SearchLeak (CVE-2026-42824), the attack needed nothing more than a single click on a link that pointed to a genuine microsoft.com address, as reported by The Hacker News. The good news: Microsoft has already fixed it on its own servers, so there’s nothing for you to patch.
So why does it matter if it’s already fixed? Two reasons. First, because the malicious link used a real Microsoft domain, your normal phishing filters and URL scanners were never going to flag it — the usual safety nets simply don’t apply. Second, and more importantly, the attacker inherited whatever the signed-in user could see. Copilot reaches across mailboxes, files and calendars in a single query, so one careless click could expose a lot. For any business rolling out Copilot, that’s a sharp reminder that AI assistants widen your attack surface in ways that aren’t obvious.
There’s no emergency patching to do here, but treat this as a prompt to look at how you govern AI tools. Ask who actually has Copilot, what data it’s allowed to index, and whether that access is scoped to what each role genuinely needs. The less Copilot can reach, the less any future flaw can leak. It’s also worth keeping an eye out for odd Copilot Search links carrying HTML or code where a plain question should be.
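One concrete way to act on the last point above is to scan web-proxy or mail-gateway logs for search-style links on a microsoft.com host whose query parameters carry HTML or script markup instead of a plain question. The script below is an added example written for this post, not code from Varonis, Microsoft or The Hacker News; the host, path, parameter name (`q`) and the log lines are all constructed placeholders, since the real Copilot Search link layout is not given here. It decodes repeated percent-encoding so double-encoded markup is still caught, and ignores links that are not on a microsoft.com domain, which is the property that made this one slip past ordinary URL filters.

```python
"""Flag microsoft.com search links whose query parameters contain HTML or script markup.

Added example for this post; URL layout, parameter name and log lines are constructed
placeholders, not the real Copilot Search link format.
"""
import re
from urllib.parse import urlparse, parse_qs, unquote

# Markers of markup or script where a plain-text search question is expected.
# This is a heuristic: tune the list against your own proxy logs before alerting on it.
MARKUP_PATTERNS = [
    re.compile(r"<\s*/?\s*[a-zA-Z!]"),    # HTML tag opener such as <script or </div
    re.compile(r"javascript\s*:", re.I),   # script pseudo-URL
    re.compile(r"\bon[a-z]+\s*=", re.I),   # inline event-handler attribute
    re.compile(r"&#x?[0-9a-f]+;", re.I),   # numeric character reference (obfuscated markup)
]

# Constructed sample log (placeholder host and path; not a real Copilot endpoint).
SAMPLE_LOG = """\
user=alice url=https://placeholder.microsoft.com/search?q=quarterly+budget
user=bob   url=https://placeholder.microsoft.com/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E
user=carol url=https://example.com/search?q=%3Cb%3Ehi%3C%2Fb%3E
user=dave  url=https://placeholder.microsoft.com/search?q=%253Cimg%2520src%253Dx%253E
"""

LOG_LINE = re.compile(r"user=(\S+)\s+url=(\S+)")


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %253C (double-encoded '<') is still caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_microsoft_host(host: str) -> bool:
    """True for microsoft.com itself or any subdomain of it."""
    host = host.lower().rstrip(".")
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def suspicious_params(url: str) -> list:
    """Return (param, decoded value) pairs in a microsoft.com link that carry markup markers."""
    parsed = urlparse(url)
    if not is_microsoft_host(parsed.hostname or ""):
        return []
    hits = []
    # Inspect both the query string and the fragment: a fragment is never sent to the
    # server, but client-side code on the page can still read and render it.
    for source in (parsed.query, parsed.fragment):
        for name, values in parse_qs(source, keep_blank_values=True).items():
            for raw in values:
                decoded = fully_decode(raw)
                if any(p.search(decoded) for p in MARKUP_PATTERNS):
                    hits.append((name, decoded))
    return hits


def scan_log(text: str) -> list:
    """Return [(user, url, hits)] for log lines whose link has markup in a parameter."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.search(line)
        if not m:
            continue
        user, url = m.group(1), m.group(2)
        hits = suspicious_params(url)
        if hits:
            findings.append((user, url, hits))
    return findings


if __name__ == "__main__":
    for user, url, hits in scan_log(SAMPLE_LOG):
        print(f"{user}: {url}\n    markup in parameters: {hits}")
```

Run against the constructed log, the scan reports bob (plainly encoded tag) and dave (double-encoded tag) and stays quiet for alice's ordinary question and for carol, whose link is on a non-Microsoft host and so belongs to a different detection. Point `scan_log` at your real proxy export once you have confirmed the actual link format and parameter name from your tenant.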
If you’re not sure how your Microsoft 365 environment is configured, or who can see what through Copilot, that’s exactly the kind of review we run for clients. Getting the guardrails right now is far cheaper than cleaning up after a leak later.
