Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next
Two AI tools broke in the same way in the same two weeks, and four research teams proved it. The pattern underneath every disclosure is one sentence: enterprise AI accepts external input with no trust boundary. On June 15, Varonis disclosed SearchLeak (CVE-2026-42824), a proof-of-concept exfiltration chain in Microsoft 365 Copilot Enterprise Search. A victim clicks a crafted microsoft.com URL, Copilot searches their mailbox, and the data leaves through a Bing SSRF. No plugins, no second click, no visible indicator. Four days earlier, Obsidian Security published a three-CVE chain against LiteLLM that carried a default low-privilege user all the way to admin and remote code execution. Two tools. Two teams. One broken boundary.The five-check audit at the end of this article maps each gap to a [...]
Rating
Innovation
Pricing
Technology
Usability
We have discovered similar tools to what you are looking for. Check out our suggestions for similar AI tools.
Microsoft launches 'Hey Copilot' voice assistant and autonomous agents for all Windows 11 PCs
Microsoft is fundamentally reimagining how people interact with their computers, announcing Thursday a sweeping transformation of Windows 11 that brings voice-activated AI assistants, autonomous softw [...]
Microsoft announces Copilot Cowork with help from Anthropic — a cloud-powered AI agent that works across M365 apps
If you thought Anthropic was about to run away with the enterprise AI business...you're not totally off the mark, actually.This morning, Microsoft announced "Copilot Cowork" a new cloud [...]
200,000 MCP servers expose a command execution flaw that Anthropic calls a feature
Anthropic created the Model Context Protocol as the open standard for AI agent-to-tool communication. OpenAI adopted it in March 2025. Google DeepMind followed. Anthropic donated MCP to the Linux Foun [...]
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds
A rogue AI agent at Meta passed every identity check and still exposed sensitive data to unauthorized employees in March. Two weeks later, Mercor, a $10 billion AI startup, confirmed a supply-chain br [...]
Microsoft Copilot gets 12 big updates for fall, including new AI assistant character Mico
Microsoft today held a live announcement event online for its Copilot AI digital assistant, with Mustafa Suleyman, CEO of Microsoft's AI division, and other presenters unveiling a new generation [...]
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering
Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same g [...]
Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one
For four weeks starting January 21, Microsoft's Copilot read and summarized confidential emails despite every sensitivity label and DLP policy telling it not to. The enforcement points broke insi [...]