Critical Security Flaw in Microsoft 365 Copilot Raises Zero-Click Attack Concerns

TL;DR Summary
Researchers uncovered 'EchoLeak,' a critical zero-click vulnerability in Microsoft 365 Copilot that allows silent exfiltration of sensitive data through prompt injection, highlighting emerging risks in AI-integrated enterprise systems. Microsoft fixed the flaw in May, with no evidence of exploitation, but the attack demonstrates the need for enhanced defenses against LLM scope violations.
Topics: business #ai-vulnerability #data-exfiltration #echoleak #microsoft-365-copilot #prompt-injection #technology
- Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot (BleepingComputer)
- Microsoft Copilot flaw raises urgent questions for any business deploying AI agents (Fortune)
- Critical flaw in Microsoft Copilot could have allowed zero-click attack (Cybersecurity Dive)
- Aim Security Launches Aim Labs with Elite Researchers from Google and Israel’s Unit 8200 to Advance AI Security (Business Wire)
- Empowering your firm with Generative AI: Navigating security in Microsoft 365 Copilot (Legal Futures)