First Zero-Click AI Vulnerability "EchoLeak" Discovered in Microsoft 365 Copilot

Reviewed byNidhi Govil

9 Sources

Researchers uncover a critical zero-click AI vulnerability in Microsoft 365 Copilot, allowing attackers to exfiltrate sensitive data without user interaction. The flaw, dubbed "EchoLeak," highlights new security risks in AI-integrated systems.

Discovery of EchoLeak: A Zero-Click AI Vulnerability

In a groundbreaking discovery, researchers at Aim Labs have uncovered the first known zero-click artificial intelligence (AI) vulnerability, dubbed "EchoLeak." This critical flaw, identified in January 2025, affects Microsoft 365 Copilot, an AI assistant integrated into various Office applications 1.

Understanding the Vulnerability

EchoLeak is classified as an "LLM Scope Violation," a new class of vulnerabilities that can cause large language models (LLMs) to leak privileged internal data without user intent or interaction 2. The attack exploits the Retrieval-Augmented Generation (RAG) engine used by Copilot, allowing attackers to exfiltrate sensitive information from a user's context silently.

Source: Bleeping Computer

Source: Bleeping Computer

Attack Mechanism

The attack begins with a malicious email containing a hidden prompt injection, crafted to instruct the LLM to extract and exfiltrate sensitive internal data. This email, formatted to look like a typical business document, bypasses Microsoft's XPIA (cross-prompt injection attack) classifier protections 1.

When a user later interacts with Copilot, the RAG engine retrieves the malicious email due to its apparent relevance. The injected prompt then "tricks" the LLM into pulling sensitive data and inserting it into a crafted link or image 3.

Source: The Hacker News

Source: The Hacker News

Exploitation and Data Exfiltration

Aim Labs discovered that certain markdown image formats cause the browser to automatically request the image, sending the URL (including embedded data) to the attacker's server. While Microsoft's Content Security Policy (CSP) blocks most external domains, Microsoft Teams and SharePoint URLs are trusted and can be abused to exfiltrate data without issue 1.

Microsoft's Response and Mitigation

Microsoft assigned the vulnerability the identifier CVE-2025-32711, rating it critical with a CVSS score of 9.3 out of 10 4. The company addressed the issue server-side in May 2025, requiring no action from users. Microsoft stated that there is no evidence of real-world exploitation, and no customers were impacted 2.

Implications for AI Security

The discovery of EchoLeak has significant implications for AI security, particularly for NATO, government, defense, healthcare, and enterprises using AI assistants. Ensar Seker, CISO at SOCRadar, warns that "attackers no longer need to compromise user credentials or rely on phishing. They can manipulate a trusted AI interface directly" 5.

Source: Benzinga

Source: Benzinga

Future Concerns and Mitigations

As AI integration deepens in business workflows, experts warn that traditional defenses may be overwhelmed. Tim Erlin, a security strategist at Wallarm, noted that such vulnerabilities were "bound to happen" given the expanding AI attack surface 5.

To mitigate similar risks, enterprises are advised to:

  1. Strengthen prompt injection filters
  2. Implement granular input scoping
  3. Apply post-processing filters on LLM output
  4. Configure RAG engines to exclude external communications

Conclusion

The EchoLeak vulnerability serves as a wake-up call for the AI industry, highlighting the need for robust security measures in AI-integrated systems. As AI assistants become more prevalent, addressing these vulnerabilities will be crucial to maintain trust and security in AI technologies.

Explore today's top stories

Ilya Sutskever Takes Helm at Safe Superintelligence Amid AI Talent War

Ilya Sutskever, co-founder of Safe Superintelligence (SSI), assumes the role of CEO following the departure of Daniel Gross to Meta. The move highlights the intensifying competition for top AI talent among tech giants.

TechCrunch logoReuters logoCNBC logo

6 Sources

Business and Economy

1 hr ago

Ilya Sutskever Takes Helm at Safe Superintelligence Amid AI

Google's Veo 3 AI Video Generator Expands Globally, Now Available in India

Google's advanced AI video generation tool, Veo 3, is now available worldwide to Gemini app 'Pro' subscribers, including in India. The tool can create 8-second videos with audio, dialogue, and realistic lip-syncing.

Android Police logo9to5Google logoNDTV Gadgets 360 logo

7 Sources

Technology

17 hrs ago

Google's Veo 3 AI Video Generator Expands Globally, Now

NYT Wins Court Battle: OpenAI Ordered to Retain and Allow Search of ChatGPT Logs

A federal court has upheld an order requiring OpenAI to indefinitely retain all ChatGPT logs, including deleted chats, as part of a copyright infringement lawsuit by The New York Times and other news organizations. This decision raises significant privacy concerns and sets a precedent in AI-related litigation.

Ars Technica logoFuturism logoDataconomy logo

3 Sources

Policy and Regulation

9 hrs ago

NYT Wins Court Battle: OpenAI Ordered to Retain and Allow

Microsoft's AI Push Shadows Xbox Layoffs and Game Cancellations

Microsoft's Xbox division faces massive layoffs and game cancellations amid record profits, with AI integration suspected as a key factor in the restructuring.

Gizmodo logoKotaku logoWccftech logo

4 Sources

Business and Economy

9 hrs ago

Microsoft's AI Push Shadows Xbox Layoffs and Game

Google's Veo 3 AI Tool Sparks Controversy with Racist Videos on TikTok

Google's AI video generation tool, Veo 3, has been linked to a surge of racist and antisemitic content on TikTok, raising concerns about AI safety and content moderation on social media platforms.

Ars Technica logoThe Verge logoPC Magazine logo

5 Sources

Technology

17 hrs ago

Google's Veo 3 AI Tool Sparks Controversy with Racist
TheOutpost.ai

Your Daily Dose of Curated AI News

Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.

© 2025 Triveous Technologies Private Limited
Twitter logo
Instagram logo
LinkedIn logo