Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.

EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, Excel, Outlook, PowerPoint, and Teams. According to researchers at Aim ...

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

Microsoft has already completed its response to Echoleak, but Aim Security CTO Adir Glass pointed out that 'Echoleak can be applied to any type of AI agent, from MCP-compatible services to ...

EchoLeak exposes deeper AI flaws. Microsoft patched Copilot’s EchoLeak flaw, but experts warn the real threat is architectural, not accidental.

Researchers have said that Microsoft Copilot had a critical zero-click AI vulnerability that was fixed before hackers stole sensitive data. Called ‘EchoLeak,’ the attack was mounted by Aim ...

What This Vulnerability Teaches Us About AI SecurityThe recent disclosure of EchoLeak by Aim Labs marks a significant milestone in AI security research. As the first documented zero-click exploit ...

The vulnerability, called “EchoLeak,” lets attackers “automatically exfiltrate sensitive and proprietary information” from Microsoft 365 Copilot without knowledge of the user, according to findings ...

This is EchoLeak, a critical vulnerability in Microsoft 365 Copilot that lets hackers steal sensitive corporate data without a single action from the victim.