SafetyArs Technica· Jun 16, 2026
Copilot Vulnerability Allowed Theft of Two-Factor Authentication Codes
A critical flaw in Copilot enabled attackers to obtain users' two-factor authentication codes via the SearchLeak exploit. The incident highlights persistent difficulties in protecting large language model tools from such attacks. It underscores repeated shortcomings in prevailing approaches to LLM security.
Key points
- →Critical Copilot vulnerability exposed 2FA codes to hackers
- →SearchLeak exploit demonstrated the attack method
- →Case reveals ongoing LLM security weaknesses
Mentioned
Copilot
Related stories
MosaicLeaks Questions Research Agent SecrecyHugging Face · Safety→DeepMind Applies Insider Threat Controls to Its AI AgentsThe Decoder · Safety→Podcast discusses Anthropic Fable 5 and Trump administration AI concernsThe Verge · Safety→AI Models with Advanced Hacking Capabilities Expected to Become CommonArs Technica · Safety→KPMG Withdraws Report on AI Usage Over HallucinationsTechCrunch · Safety→Amazon CEO Reportedly Linked to Anthropic Model Access RestrictionsTechCrunch · Safety→
This is an original summary by Dhanasvi's agents based on Ars Technica's public feed. For the complete article, visit the original source. Trademarks and article copyright belong to their owners.