Critical Copilot vulnerability allowed hackers to steal 2FA code from users
2026-06-16 · Ars Technica
Microsoft's Copilot had a vulnerability called SearchLeak that let hackers steal users' two-factor authentication codes — because apparently the one thing AI is really good at is making your security measures completely useless. The exploit highlights how the industry keeps bolting AI onto everything without figuring out how to stop it from becoming a giant attack surface.