Two AI tools broke in the same way in the same two weeks, and four research teams proved it. The pattern underneath every disclosure is one sentence: enterprise AI accepts external input with no trust boundary.

On June 15, Varonis disclosed SearchLeak (CVE-2026-42824), a proof-of-concept exfiltration chain in Microsoft 365 Copilot Enterprise Search. A victim clicks a crafted microsoft.com URL, Copilot searches their mailbox, and the

Technical Analysis

Two AI tools, Microsoft 365 Copilot and LiteLLM, reportedly exposed admin keys via unsecured external inputs. Four research teams confirmed the vulnerability. Businesses must conduct a 5-check audit to safeguard their stacks.
