Echoleak Attack Exposes AI Assistant Vulnerabilities Without Malware
Echoleak is a new attack vector targeting AI assistants like Microsoft 365 Copilot through prompt manipulation, bypassing traditional security measures without malware or phishing.
Researchers at Check Point have uncovered a new zero-click attack vector called Echoleak, which exploits AI assistants like Microsoft 365 Copilot through subtle prompt manipulation—no malware or phishing required. The attack marks a significant shift in cybersecurity threats, as it relies solely on language as a weapon.
How the Attack Works
- The attack injects malicious prompts into seemingly innocent documents or emails.
- Copilot interprets these prompts as commands, not data, leading to unauthorized disclosure of sensitive information (e.g., internal files, emails, or credentials).
- No user interaction is needed; the attack executes automatically.
Obedience as a Weakness
Large Language Model (LLM)-based AI assistants are designed to follow instructions, even when ambiguous. Their deep integration with operating systems and productivity tools creates a dangerous combination: a highly obedient tool with access to critical data.
"The attack vector has shifted from code to conversation," says Check Point. "We’ve built systems that actively convert language into actions. That changes everything."
Limitations of Current Safeguards
Many companies rely on LLM "watchdogs" to filter harmful instructions, but these models are vulnerable to the same deception. Attackers can:
- Spread malicious intent across multiple prompts.
- Hide instructions in other languages.
- Exploit contextual gaps in safeguards (as seen with Echoleak).
Tip: Microsoft turns GitHub Copilot into a full-fledged AI agent
This discovery underscores the urgent need for robust defenses against AI-driven social engineering attacks.
Related News
Zscaler CAIO on securing AI agents and blending rule-based with generative models
Claudionor Coelho Jr, Chief AI Officer at Zscaler, discusses AI's rapid evolution, cybersecurity challenges, and combining rule-based reasoning with generative models for enterprise transformation.
Lenovo Wins Frost Sullivan 2025 Asia-Pacific AI Services Leadership Award
Lenovo earns Frost Sullivan's 2025 Asia-Pacific AI Services Customer Value Leadership Recognition for its value-driven innovation and real-world AI impact.
About the Author
Michael Rodriguez
AI Technology Journalist
Veteran technology journalist with 12 years of focus on AI industry reporting. Former AI section editor at TechCrunch, now freelance writer contributing in-depth AI industry analysis to renowned media outlets like Wired and The Verge. Has keen insights into AI startups and emerging technology trends.