Reports
AI-generated structured vendor updates
Microsoft Copilot SearchLeak: One Click Exfiltrates All Indexed Enterprise Data via LLM Prompt Injection
Varonis discovered SearchLeak (CVE-2026-42824) in Microsoft 365 Copilot Enterprise, a three-stage vulnerability chain: P2P injection, an HTML rendering race condition, and SSRF via Bing to bypass CSP. Attackers embed malicious URL parameters; when a user clicks, Copilot exfiltrates sensitive data (emails, SharePoint, OneDrive) via Bing image URLs, evading traditional phishing defenses. Microsoft has released a patch.
OpenAI Invests $150M to Certify 300K Enterprise AI Advisors, Shifts Ecosystem Control
OpenAI launches Partner Network with $150M investment to certify 300K enterprise AI advisors by end of 2026, partnering with McKinsey, Accenture, and others. This marks OpenAI's first independent certification and sales channel outside Microsoft, signaling a shift from model supremacy to deployment ecosystem warfare.
Microsoft GitHub Leases AWS Capacity: AI Demand Forces Cross-Cloud Collaboration, Shattering Vendor Lock-In
Microsoft's GitHub, facing a 14x surge in AI-driven code commits, is renting compute capacity from rival AWS. This reveals that no single cloud provider can meet AI infrastructure demand, breaking traditional cloud competition and heralding cross-cloud hybrid deployment as the new norm.