Is Your Data Leaking? How to Secure Your Microsoft 365 Files from AI-Driven Theft

A recently discovered vulnerability (CVE-2026-42824) highlighted a dangerous reality: AI assistants like Microsoft 365 Copilot are only as secure as the permissions you have set. CVE-2026-42824, nicknamed SearchLeak, was an information disclosure vulnerability in Microsoft 365 Copilot discovered by Varonis Threat Labs in June 2026.
The flaw allowed for a one-click data-theft chain. If a user clicked a link pointing to a genuine microsoft.com address, a prompt injection could be triggered, allowing the attacker to exfiltrate the victim’s mailbox, one-time passcodes, calendar, SharePoint files, and OneDrive documents.
Microsoft remediated the issue server-side before the public disclosure, so there are no patches for users to apply. The primary takeaway from this CVE is the risk of prompt injection reaching over-permissioned data, emphasizing the need for strong data governance and the principle of least privilege for AI assistants.

The Problem: The “SearchLeak” Risk

If you have files shared with “Everyone,” “All Users,” or broad groups, an attacker can use a technique called “Prompt Injection” to trick the AI into finding and stealing that data. Essentially, if a user has access to a file, the AI does too—and if the AI can be tricked, your data can be exfiltrated without you ever knowing.

The Golden Rule: AI follows your permissions. If you can see it, Copilot can see it. If you’ve accidentally shared a sensitive folder with the whole company, you’ve just given the AI (and potentially an attacker) a map to your most private data.

How to Secure Your Sites and Files

If you manage a SharePoint site, a Teams folder, or a OneDrive directory, take these three steps immediately to lock down your data:

1. Audit Your “Shared With” List

Don’t assume your folders are private.

  • Go to your most sensitive folders.
  • Right-click and select Manage Access.
  • Look for labels like “Everyone except external users” or “All Users.”
  • Action: Remove these broad permissions. Replace them with a specific security group.

2. Stop Using “Anyone with the Link”

The “Anyone” link is the most dangerous sharing setting in M365. It creates a public doorway to your data that bypasses all authentication.

  • Whenever possible, choose “People in [Your Organization] with the link” or “Specific People.”
  • Pro Tip: Set expiration dates on sharing links.

3. Use Sensitivity Labels

If your organization has enabled them, use Sensitivity Labels (e.g., “Highly Confidential”). These labels act as a safety net, telling the AI that the content is restricted and should not be extracted.

The Bottom Line

AI is a force multiplier—it makes you more productive, but it also makes data leaks happen faster. The best defense is the Principle of Least Privilege: Give people (and AI) access only to what they absolutely need to do their jobs. Nothing more.