Don't Just Read the News, Understand It.
Get Started
SubscribeLogin
Israel-Hamas Conflict
Military
Protestors
World Cup
Donald Trump
Social Media
Formula 1
Soccer
Artificial Intelligence
Immigration
Cryptocurrency
Stock Markets
Rallies
Published loading...Updated

Microsoft Copilot Targeted in First “Zero-Click” Attack on an AI Agent - What You Need to Know

  • Researchers at Aim Labs detected a major security flaw called EchoLeak in Microsoft 365 Copilot in January 2025 that allowed data theft without user interaction.
  • The vulnerability exploited a novel LLM Scope Violation technique that manipulates internal AI model logic to turn the agent against itself.
  • EchoLeak permitted attackers to exfiltrate sensitive information by sending a simple email, affecting apps connected to Copilot like Word and Outlook.
  • Microsoft assigned EchoLeak the critical CVE-2025-32711 identifier with a severity of 9.3/10 and fully mitigated it server-side by May 2025 without user action required.
  • No evidence showed real-world exploitation, but Aim Labs warned similar attacks may increase as AI integrates deeper into enterprises, urging fundamental AI design changes.
Insights by Ground AI
Does this summary seem wrong?

21 Articles

All
Left
Center
2
Right
3
SapoSapo
Lean Right

Critical Error in Copilot Allows IA to Be Manipulated to Steal Your Data

A vulnerabilities were detected in Microsoft 365 Copilot. The failure allows an attacker to manipulate a generated IA with a simple email malicious. Without the user's knowledge, IA can send sensitive data...

·Portugal
Read Full Article
Tech RadarTech Radar
+2 Reposted by 2 other sources
Center

Microsoft Copilot targeted in first “zero-click” attack on an AI agent - what you need to know

Security researchers discovered a way to extract sensitive information from Microsoft 365 Copilot.

·United Kingdom
Read Full Article
Tech SpotTech Spot
Center

Microsoft fixes first known zero-click attack on an AI agent

EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, Excel, Outlook, PowerPoint, and Teams. According to researchers at Aim Security, who...

Read Full Article
LatestlyLatestly
Right

EchoLeak: First-Ever Zero-Click Vulnerability, CVE-2025-3271, Discovered by Aim Labs in Microsoft 365 Copilot AI, Allowed Attackers Steal Sensitive Data Silently, Now Fixed | 📲 LatestLY

EchoLeak, the first-ever zero-click vulnerability (CVE-2025-32711), was discovered by Aim Labs in Microsoft 365 Copilot AI. It allowed attackers to silently steal sensitive user data through hidden prompts in emails without user interaction. Microsoft has fixed the security flaw with a server-side update. 📲 EchoLeak: First-Ever Zero-Click Vulnerability, CVE-2025-3271, Discovered by Aim Labs in Microsoft 365 Copilot AI, Allowed Attackers Steal S…

Read Full Article
India TodayIndia Today
Lean Right

First ever security flaw detected in an AI agent, could allow hacker to attack user via email

Security researchers have discovered the first zero-click AI vulnerability in Microsoft 365 Copilot AI agent, exposing a way for attackers to steal data via email without user interaction. The flaw is now fixed.

·India
Read Full Article
Security BoulevardSecurity Boulevard
Reposted by
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

Aim Security researchers used specially worded emails to convince victims and AI agents to hand over sensitive corporate data.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 60% of the sources lean Right
60% Right
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

India Today broke the news in India on Thursday, June 12, 2025.
Sources are mostly out of (0)

Similar News Topics

Artificial Intelligence

Artificial Intelligence

Microsoft

Microsoft

Research

Research

Cyber Security

Cyber Security

News
For You
SearchBlindspotLocal