{"id":275894,"date":"2026-06-19T03:02:00","date_gmt":"2026-06-19T07:02:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/19\/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger\/"},"modified":"2026-06-19T07:40:35","modified_gmt":"2026-06-19T11:40:35","slug":"m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/19\/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger\/","title":{"rendered":"M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger"},"content":{"rendered":"<p><a href=\"https:\/\/www.csoonline.com\/article\/4186970\/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger.html\">M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger<\/a><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4186970\/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger.html\">https:\/\/www.csoonline.com\/article\/4186970\/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-19 03:02:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.csoonline.com\">www.csoonline.com<\/a><\/p>\n<p>In the case of Copilot Enterprise Search, Microsoft had a guardrail in place that enclosed the LLM\u2019s search responses inside  blocks, presenting it to the browser as text. Varonis researchers found, however, that this wrapping did not apply until after the model finished its thinking phase. The thinking process itself was still rendered as HTML in the user\u2019s browser.<\/p>\n<p>\u201cThis is a textbook race condition,\u201d the researchers said. \u201cThe guardrail is a post-processing step applied to the final output, but the browser doesn\u2019t wait for \u2018final\u2019 \u2014 it renders incrementally. By the time the sanitizer activates, the damage is done.\u201d<\/p>\n<p>Microsoft had a second guardrail, the Content Security Policy (CSP), that allows website owners to define what external domains can load resources into the page. In this case, the CSP for m365.cloud.microsoft.com also allowed resources from *.bing.com, Microsoft\u2019s search engine.<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4186970\/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger https:\/\/www.csoonline.com\/article\/4186970\/m365-copilot-searchleak-your-prompt-injection-attack-surface-just-got-bigger.html Publish Date: 2026-06-19&#8230;<\/p>\n","protected":false},"author":1,"featured_media":275895,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.csoonline.com\/wp-content\/uploads\/2026\/06\/4186970-0-01970200-1781852523-monoar_cgi_artist-question-6750015.jpg?quality=50&strip=all&w=1024","fifu_image_alt":"","footnotes":""},"categories":[14],"tags":[17,57],"class_list":["post-275894","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-artificial-intelligence","tag-llm","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275894"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=275894"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275894\/revisions"}],"predecessor-version":[{"id":275896,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275894\/revisions\/275896"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/275895"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=275894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=275894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=275894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}