First Zero-Click AI Vulnerability "EchoLeak" Discovered in Microsoft 365 Copilot

Reviewed byNidhi Govil

9 Sources

Researchers uncover a critical zero-click AI vulnerability in Microsoft 365 Copilot, allowing attackers to exfiltrate sensitive data without user interaction. The flaw, dubbed "EchoLeak," highlights new security risks in AI-integrated systems.

Discovery of EchoLeak: A Zero-Click AI Vulnerability

In a groundbreaking discovery, researchers at Aim Labs have uncovered the first known zero-click artificial intelligence (AI) vulnerability, dubbed "EchoLeak." This critical flaw, identified in January 2025, affects Microsoft 365 Copilot, an AI assistant integrated into various Office applications 1.

Understanding the Vulnerability

EchoLeak is classified as an "LLM Scope Violation," a new class of vulnerabilities that can cause large language models (LLMs) to leak privileged internal data without user intent or interaction 2. The attack exploits the Retrieval-Augmented Generation (RAG) engine used by Copilot, allowing attackers to exfiltrate sensitive information from a user's context silently.

Source: Bleeping Computer

Source: Bleeping Computer

Attack Mechanism

The attack begins with a malicious email containing a hidden prompt injection, crafted to instruct the LLM to extract and exfiltrate sensitive internal data. This email, formatted to look like a typical business document, bypasses Microsoft's XPIA (cross-prompt injection attack) classifier protections 1.

When a user later interacts with Copilot, the RAG engine retrieves the malicious email due to its apparent relevance. The injected prompt then "tricks" the LLM into pulling sensitive data and inserting it into a crafted link or image 3.

Source: The Hacker News

Source: The Hacker News

Exploitation and Data Exfiltration

Aim Labs discovered that certain markdown image formats cause the browser to automatically request the image, sending the URL (including embedded data) to the attacker's server. While Microsoft's Content Security Policy (CSP) blocks most external domains, Microsoft Teams and SharePoint URLs are trusted and can be abused to exfiltrate data without issue 1.

Microsoft's Response and Mitigation

Microsoft assigned the vulnerability the identifier CVE-2025-32711, rating it critical with a CVSS score of 9.3 out of 10 4. The company addressed the issue server-side in May 2025, requiring no action from users. Microsoft stated that there is no evidence of real-world exploitation, and no customers were impacted 2.

Implications for AI Security

The discovery of EchoLeak has significant implications for AI security, particularly for NATO, government, defense, healthcare, and enterprises using AI assistants. Ensar Seker, CISO at SOCRadar, warns that "attackers no longer need to compromise user credentials or rely on phishing. They can manipulate a trusted AI interface directly" 5.

Source: Benzinga

Source: Benzinga

Future Concerns and Mitigations

As AI integration deepens in business workflows, experts warn that traditional defenses may be overwhelmed. Tim Erlin, a security strategist at Wallarm, noted that such vulnerabilities were "bound to happen" given the expanding AI attack surface 5.

To mitigate similar risks, enterprises are advised to:

  1. Strengthen prompt injection filters
  2. Implement granular input scoping
  3. Apply post-processing filters on LLM output
  4. Configure RAG engines to exclude external communications

Conclusion

The EchoLeak vulnerability serves as a wake-up call for the AI industry, highlighting the need for robust security measures in AI-integrated systems. As AI assistants become more prevalent, addressing these vulnerabilities will be crucial to maintain trust and security in AI technologies.

Explore today's top stories

OpenAI Launches ChatGPT Study Mode: A New Approach to AI-Assisted Learning

OpenAI introduces Study Mode for ChatGPT, designed to enhance learning experiences by encouraging critical thinking rather than providing direct answers. This new feature aims to address concerns about AI's impact on education while promoting deeper understanding of subjects.

Ars Technica logoTechCrunch logoMIT Technology Review logo

29 Sources

Technology

18 hrs ago

OpenAI Launches ChatGPT Study Mode: A New Approach to

Anthropic Nears $170 Billion Valuation with Potential $5 Billion Funding Round

Anthropic, the AI startup, is close to securing a massive funding round that could value the company at $170 billion, nearly tripling its previous valuation. The deal, led by Iconiq Capital, highlights the growing investor interest in AI companies and raises questions about the ethics of accepting funds from certain sources.

TechCrunch logoBloomberg Business logoCNBC logo

7 Sources

Business and Economy

18 hrs ago

Anthropic Nears $170 Billion Valuation with Potential $5

Meta's Aggressive AI Talent Hunt and Superintelligence Push: High Costs, Uncertain Returns

Meta CEO Mark Zuckerberg's ambitious pursuit of AI talent and superintelligence capabilities comes with massive investments and poaching attempts, but faces challenges in delivering immediate financial returns and competing with rivals.

Wired logoReuters logoCNBC logo

8 Sources

Technology

19 hrs ago

Meta's Aggressive AI Talent Hunt and Superintelligence

Google's NotebookLM Introduces Video Overviews and Enhanced Studio Panel

Google rolls out Video Overviews for NotebookLM, transforming dense content into narrated slideshows. The update also includes a redesigned Studio panel with improved multitasking capabilities.

TechCrunch logoCNET logoThe Verge logo

11 Sources

Technology

18 hrs ago

Google's NotebookLM Introduces Video Overviews and Enhanced

Google Enhances AI Mode with New Features for Students and Researchers

Google introduces several new AI-powered features to its Search AI Mode, including Canvas for study planning, PDF and image uploads on desktop, and real-time video input for Search Live, aimed at improving the research and learning experience.

TechCrunch logoThe Verge logoengadget logo

14 Sources

Technology

18 hrs ago

Google Enhances AI Mode with New Features for Students and
TheOutpost.ai

Your Daily Dose of Curated AI News

Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.

© 2025 Triveous Technologies Private Limited
Instagram logo
LinkedIn logo