Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next
Two AI tools, Microsoft 365 Copilot Enterprise Search and LiteLLM, were found to have vulnerabilities that let attackers exfiltrate data and gain admin access, respectively. Both stem from the same root cause: enterprise AI components accepting external input with no trust boundary. SearchLeak (CVE-2026-42824) was disclosed by Varonis; the three-CVE chain against LiteLLM was disclosed by Obsidian Security. The same pattern appears in earlier incidents involving Langflow and Mini Shai-Hulud. For engineers building and deploying AI systems, this is a practical problem that calls for a structured audit to find and close such gaps.
⚡ Key Takeaways
- SearchLeak (CVE-2026-42824) is a proof-of-concept exfiltration chain in Microsoft 365 Copilot Enterprise Search that allows attackers to search a victim's mailbox and exfiltrate data through a Bing SSRF.
- A three-CVE chain against LiteLLM (CVE-2026-47101, CVE-2026-47102, and CVE-2026-40217) allows attackers to gain admin access and execute remote code.
- The lack of a trust boundary in enterprise AI is a common issue, as demonstrated by similar vulnerabilities in Langflow (CVE-2026-5027) and Mini Shai-Hulud.
- A five-check audit can help identify and address gaps in AI systems; its checks include external input validation, trust boundaries, and secure API key management.
- The severity of the vulnerabilities is contested, but the mechanism is not. The real story is the escalation: the blast radius is everything the affected user can reach.
The vulnerabilities in Microsoft 365 Copilot Enterprise Search and LiteLLM highlight the need for engineers to prioritize security and trust boundaries in AI systems, particularly in enterprise deployments where the blast radius can be significant. The fact that similar vulnerabilities were found in Langflow and Mini Shai-Hulud demonstrates that this is a common issue in enterprise AI that require
✅ Practical Steps
- Run a five-check audit to identify gaps in AI systems; its checks include external input validation, trust boundaries, and secure API key management.
- Implement secure API key management, such as using secure storage and rotation of API keys, to prevent unauthorized access.
- Validate external input to prevent attacks like SearchLeak and the three-CVE chain against LiteLLM.
Read on VentureBeat AI ↗