Skip to main content
close search
site logo

Critical flaw in Microsoft Copilot could have allowed zero-click attack

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.

Published June 11, 2025
David Jones's headshot
Reporter
Microsoft CEO Satya Nadella speaks during the OpenAI DevDay event on November 06, 2023 in San Francisco, California.
Microsoft CEO Satya Nadella speaks during the OpenAI DevDay event on Nov. 6, 2023, in San Francisco. A 2025 vulnerability in Copilot could have allowed a remote attacker to conduct an attack with no user interaction. Justin Sullivan / Staff via Getty Images

A recently fixed critical vulnerability in Microsoft’s Copilot AI tool could have let a remote attacker steal sensitive data from an organization simply by sending an email, researchers say.

The vulnerability, dubbed EchoLeak and assigned the identifier CVE-2025-32711, could have allowed hackers to mount an attack without the target user having to do anything. EchoLeak represents the first known zero-click attack on an AI agent, according to researchers at Aim Security, which released the findings in a Wednesday blog post.

“This vulnerability represents a significant breakthrough in AI security research because it demonstrates how attackers can automatically exfiltrate the most sensitive information from Microsoft 365 Copilot’s context without requiring any user interaction whatsoever,” Adir Gruss, co-founder and CTO at Aim Security, told Cybersecurity Dive via email. 

An EchoLeak attack could have exploited what researchers call an “LLM scope violation,” in which untrusted input from outside an organization can commandeer an AI model to access and steal privileged data. 

Vulnerable data could potentially include everything to which Copilot has access, including chat histories, OneDrive documents, Sharepoint content, Teams conversations and preloaded data from an organization. 

Gruss said Microsoft Copilot’s default configuration left most organizations at risk of attack until recently, although he cautioned that there was no evidence any customers were actually targeted. 

Microsoft, which has been coordinating with researchers about the vulnerability for months, released an advisory on Wednesday that said the issue was fully addressed and no further action was necessary by customers. 

“We appreciate Aim Labs for identifying and responsibly reporting this issue so it could be addressed before our customers were impacted,” a spokesperson for Microsoft said via email. 

Microsoft said it has updated products to mitigate the issue. The company is also implementing defense-in-depth measures to make further enhancements to its security posture. 

Jeff Pollard, vice president and principal analyst at Forrester, said the vulnerability is in line with prior concerns raised about the potential security risks from AI agents.

“Once you’ve empowered something to operate on your behalf to scan your email, schedule meetings, send responses and more attackers will find a way to exploit it given the treasure trove of information that resides in both work and personal email accounts,” Pollard told Cybersecurity Dive via email.

(Adds comments from Microsoft and Forrester.)

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
Why Real‑Time ADR Is the Only Answer to Modern App Threats
From Charlotte Mckinsey
June 12, 2025
iOT365 and Check Point Software Partner to Offer Full-Spectrum OT/IoT Cybersecurity
From iOT365
June 10, 2025
iOT365 logo
DNS4EU Launches European Alternative to Google and Cloudflare DNS, Powered by Whalebone
From Whalebone
June 11, 2025
Whalebone logo
22 Percent Failure Rate Across Top Endpoint Security Controls Undermines Enterprise Resilience…
From Absolute Security
June 06, 2025
Editors' picks
Latest in Vulnerability
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.