Microsoft Copilot vulnerability EchoLeak enabled zero-click data theft
Researchers found a critical flaw in Microsoft Copilot that allowed hackers to access sensitive data without user interaction, now patched by Microsoft.
Researchers discovered a critical vulnerability in Microsoft's Copilot AI tool that could have allowed attackers to steal sensitive data without any user interaction.
The EchoLeak Vulnerability
- Dubbed EchoLeak (CVE-2025-32711), the flaw represented the first known zero-click attack on an AI agent.
- Attackers could exploit an LLM scope violation to commandeer Copilot and access privileged data.
- Vulnerable data included chat histories, OneDrive documents, Sharepoint content, Teams conversations, and preloaded organizational data.
How It Worked
- The attack could be triggered simply by sending an email to a target.
- No user interaction was required, making it particularly dangerous.
- Default Copilot configurations left most organizations at risk until patched.
Microsoft's Response
- Microsoft released an advisory confirming the issue was fully addressed.
- The company implemented updates and additional defense-in-depth measures.
- "We appreciate Aim Labs for identifying and responsibly reporting this issue," a Microsoft spokesperson said.
Expert Insights
- Adir Gruss, CTO at Aim Security, called it a "significant breakthrough in AI security research."
- Jeff Pollard, VP at Forrester, noted the risks align with prior concerns about AI agents: "Attackers will find a way to exploit it given the treasure trove of information."
Key Takeaways
- The vulnerability highlights the evolving risks of AI-powered tools in enterprise environments.
- Organizations should ensure they apply the latest patches and review AI agent configurations.
- Microsoft has confirmed no evidence of customer targeting, but the potential impact was severe.
For more details, read the full report from Aim Security.
Related News
AWS extends Bedrock AgentCore Gateway to unify MCP servers for AI agents
AWS announces expanded Amazon Bedrock AgentCore Gateway support for MCP servers, enabling centralized management of AI agent tools across organizations.
CEOs Must Prioritize AI Investment Amid Rapid Change
Forward-thinking CEOs are focusing on AI investment, agile operations, and strategic growth to navigate disruption and lead competitively.
About the Author
Dr. Emily Wang
AI Product Strategy Expert
Former Google AI Product Manager with 10 years of experience in AI product development and strategy formulation. Led multiple successful AI products from 0 to 1 development process, now provides product strategy consulting for AI startups while writing AI product analysis articles for various tech media outlets.