Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.

The vulnerability, called “EchoLeak,” lets attackers “automatically exfiltrate sensitive and proprietary information” from Microsoft 365 Copilot without knowledge of the user, according to findings ...

Users of Microsoft 365 Copilot were threatened by a critical security vulnerability for months. The AI assistant for company software could be tricked into disclosing sensitive and other information.

In the case of Microsoft 365 Copilot, the vulnerability lets a hacker trigger an attack simply by sending an email to a user, with no phishing or malware needed.

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

Microsoft 365 Copilot is an AI-powered productivity tool that integrates with apps such as Word, Excel, PowerPoint, Outlook and Teams. It utilizes LLMs – specifically, OpenAI’s GPT models – and the ...

This is EchoLeak, a critical vulnerability in Microsoft 365 Copilot that lets hackers steal sensitive corporate data without a single action from the victim.

Explore Microsoft 365's June 2025 update, featuring AI-powered assistants, advanced security, and tools to simplify your ...

Microsoft 365 Copilot, the AI tool built into Microsoft Office workplace applications including Word, Excel, Outlook, PowerPoint, and Teams, harbored a critical security flaw that, according to ...

The vulnerability, dubbed “EchoLeak,” was found in Microsoft Corp.’s 365 Copilot generative AI tool in January and reported to Microsoft at the time.