[RSS OUTLETS]score: 0.79

SearchLeak Exploit Let Attackers Steal 2FA Codes via GitHub Copilot

June 16, 2026

A prompt injection vulnerability in GitHub Copilot, dubbed SearchLeak, allowed attackers to exfiltrate 2FA codes by manipulating LLM context through malicious repository content. The exploit highlights persistent failures in LLM input sanitization and trust boundary enforcement across AI coding tools.

HOW THIS AFFECTS YOU

●

builderIf you are building LLM-powered tools that process untrusted content, this is a concrete example of prompt injection leading to credential theft — review your input sanitization and context isolation.

●

policyThis is another documented case of LLM security failures at production scale, reinforcing the need for formal security standards around AI-integrated developer tools.

read original ↗arstechnica.com

← back to feed