The flaw allowed for a one-click data-theft chain. If a user clicked a link pointing to a genuine microsoft.com address, a prompt injection could be triggered, allowing the attacker to exfiltrate the victim’s mailbox, one-time passcodes, calendar, SharePoint files, and OneDrive documents.
Microsoft remediated the issue server-side before the public disclosure, so there are no patches for users to apply. The primary takeaway from this CVE is the risk of prompt injection reaching over-permissioned data, emphasizing the need for strong data governance and the principle of least privilege for AI assistants.
The Problem: The “SearchLeak” Risk
If you have files shared with “Everyone,” “All Users,” or broad groups, an attacker can use a technique called “Prompt Injection” to trick the AI into finding and stealing that data. Essentially, if a user has access to a file, the AI does too—and if the AI can be tricked, your data can be exfiltrated without you ever knowing.
How to Secure Your Sites and Files
If you manage a SharePoint site, a Teams folder, or a OneDrive directory, take these three steps immediately to lock down your data:
1. Audit Your “Shared With” List
Don’t assume your folders are private.
- Go to your most sensitive folders.
- Right-click and select Manage Access.
- Look for labels like “Everyone except external users” or “All Users.”
- Action: Remove these broad permissions. Replace them with a specific security group.
2. Stop Using “Anyone with the Link”
The “Anyone” link is the most dangerous sharing setting in M365. It creates a public doorway to your data that bypasses all authentication.
- Whenever possible, choose “People in [Your Organization] with the link” or “Specific People.”
- Pro Tip: Set expiration dates on sharing links.
3. Use Sensitivity Labels
If your organization has enabled them, use Sensitivity Labels (e.g., “Highly Confidential”). These labels act as a safety net, telling the AI that the content is restricted and should not be extracted.
The Bottom Line
AI is a force multiplier—it makes you more productive, but it also makes data leaks happen faster. The best defense is the Principle of Least Privilege: Give people (and AI) access only to what they absolutely need to do their jobs. Nothing more.




