A critical vulnerability in Microsoft's M365 Copilot AI platform allowed attackers to extract two-factor authentication codes from user emails, as revealed by researchers who discovered and reported the flaw to Microsoft1. The vulnerability, rated as max critical, was patched by Microsoft last Tuesday. The issue stems from the AI's inability to differentiate between legitimate user instructions and malicious requests embedded in third-party content. This limitation enables hackers to trick the AI into divulging sensitive information. The vulnerability highlights the security risks associated with large language models, which can be exploited to reveal confidential data. The fact that AI bots cannot distinguish between legitimate and malicious requests raises concerns about the security implications of these models. This matters to security practitioners because it underscores the need to carefully evaluate the security risks of AI-powered tools, particularly those with access to sensitive user data.
Critical Copilot vulnerability allowed hackers to steal 2FA code from users
⚠️ Critical Alert
Why This Matters
LLM developments from Microsoft reshape both capability and risk surfaces — security implications trail the hype cycle.
References
- Ars Technica. (2026, June 16). Critical Copilot vulnerability allowed hackers to steal 2FA code from users. https://arstechnica.com/security/2026/06/critical-copilot-vulnerability-allowed-hackers-to-seal-2fa-code-from-users/
Original Source
Ars Technica
Read original →