Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Critical Zero-Click AI Vulnerability Discovered in Microsoft 365 Copilot: EchoLeak

2025-06-11
Critical Zero-Click AI Vulnerability Discovered in Microsoft 365 Copilot: EchoLeak

Aim Labs has discovered a critical zero-click AI vulnerability, dubbed "EchoLeak," in Microsoft 365 Copilot. This vulnerability allows attackers to automatically exfiltrate sensitive data from Copilot's context without any user interaction. The attack leverages a novel technique called "LLM Scope Violation," bypassing Copilot's security measures through a cleverly crafted email. EchoLeak highlights inherent security risks in Retrieval-Augmented Generation (RAG)-based AI models, emphasizing the need for robust AI security practices.

(www.aim.security)
AI Zero-Click Vulnerability