A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

A critical AI vulnerability, 'EchoLeak,' was discovered in Microsoft 365 Copilot by Aim Labs researchers in January 2025. This flaw allowed attackers to exfiltrate sensitive user data through ...

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365 ...

In a major first for the AI security landscape, researchers have identified a critical vulnerability in Microsoft 365 Copilot that could have allowed hackers to steal sensitive user data—without ...

Security researchers Aim Labs discovered an LLM Scope Violation flaw in Microsoft 365 Copilot The critical-severity bug allows threat actors to exfiltrate sensitive corporate data by sending an email ...

Microsoft has already spent $64 billion (roughly Rs. 5,46,718 crore) this year, much of it on data centers needed for AI-based services such as Copilot used in its popular Microsoft 365 applications.

EchoLeak exploits Copilot’s ability to handle both trusted internal data (like emails, Teams chats, and OneDrive files) and untrusted external inputs, such as inbound emails.

Access Microsoft Copilot here and log in or register for a personal account. Check out sessions from the AI Red Team and Microsoft Security Response Center: Learn to Red Team AI Systems Using PyRIT ...

Starting today, Windows 10 and 11 users in the US can try out the assistant's Vision feature. The tool allows you to share up to two apps with Copilot, so that you can then chat about what it sees.

The vulnerability, dubbed “EchoLeak,” was found in Microsoft Corp.’s 365 Copilot generative AI tool in January and reported to Microsoft at the time.