Microsoft Copilot vulnerability EchoLeak enabled zero-click data theft

Researchers discovered a critical vulnerability in Microsoft's Copilot AI tool that could have allowed attackers to steal sensitive data without any user interaction.

The EchoLeak Vulnerability

• Dubbed EchoLeak (CVE-2025-32711), the flaw represented the first known zero-click attack on an AI agent.
• Attackers could exploit an LLM scope violation to commandeer Copilot and access privileged data.
• Vulnerable data included chat histories, OneDrive documents, Sharepoint content, Teams conversations, and preloaded organizational data.

How It Worked

• The attack could be triggered simply by sending an email to a target.
• No user interaction was required, making it particularly dangerous.
• Default Copilot configurations left most organizations at risk until patched.

Microsoft's Response

• Microsoft released an advisory confirming the issue was fully addressed.
• The company implemented updates and additional defense-in-depth measures.
• "We appreciate Aim Labs for identifying and responsibly reporting this issue," a Microsoft spokesperson said.

Expert Insights

• Adir Gruss, CTO at Aim Security, called it a "significant breakthrough in AI security research."
• Jeff Pollard, VP at Forrester, noted the risks align with prior concerns about AI agents: "Attackers will find a way to exploit it given the treasure trove of information."

Key Takeaways

• The vulnerability highlights the evolving risks of AI-powered tools in enterprise environments.
• Organizations should ensure they apply the latest patches and review AI agent configurations.
• Microsoft has confirmed no evidence of customer targeting, but the potential impact was severe.

For more details, read the full report from Aim Security.