Login
Israel-Hamas Conflict
Airstrike
Benjamin Netanyahu
Military
Social Media
World Cup
Donald Trump
Artificial Intelligence
Immigration and Customs Enforcement
Aviation Accidents
Cryptocurrency
Infrastructure
Riots
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

Microsoft Copilot Targeted in First “Zero-Click” Attack on an AI Agent - What You Need to Know

  • In January 2025, researchers at Aim Labs discovered a critical zero-click vulnerability called EchoLeak affecting Microsoft 365 Copilot AI assistant and reported it to Microsoft.
  • This vulnerability exploited a novel LLM Scope Violation technique that manipulated large language model logic to access sensitive data without user interaction via a crafted email.
  • EchoLeak allowed attackers to silently exfiltrate data from apps integrated with Copilot across Microsoft 365, including Word, Outlook, Excel, and Teams, without any clicks or downloads.
  • Microsoft fixed the flaw with a server-side patch in May 2025, assigned it critical CVE-2025-32711 severity 9.3/10, confirmed no customers were impacted, and no real-world exploitation was detected.
  • The incident highlights emerging AI security challenges that require stronger industry guardrails and possibly a fundamental redesign of AI agent architectures, especially within enterprise environments.
Insights by Ground AI
Does this summary seem wrong?

20 Articles

All
Left
Center
2
Right
3
SapoSapo
Lean Right

Critical Error in Copilot Allows IA to Be Manipulated to Steal Your Data

A vulnerabilities were detected in Microsoft 365 Copilot. The failure allows an attacker to manipulate a generated IA with a simple email malicious. Without the user's knowledge, IA can send sensitive data...

·Portugal
Read Full Article
Tech RadarTech Radar
+2 Reposted by 2 other sources
Center

Microsoft Copilot targeted in first “zero-click” attack on an AI agent - what you need to know

Security researchers discovered a way to extract sensitive information from Microsoft 365 Copilot.

·United Kingdom
Read Full Article
Tech SpotTech Spot
Center

Microsoft fixes first known zero-click attack on an AI agent

EchoLeak affected Microsoft 365 Copilot, the AI assistant integrated across several Office applications, including Word, Excel, Outlook, PowerPoint, and Teams. According to researchers at Aim Security, who...

Read Full Article
LatestlyLatestly
Right

EchoLeak: First-Ever Zero-Click Vulnerability, CVE-2025-3271, Discovered by Aim Labs in Microsoft 365 Copilot AI, Allowed Attackers Steal Sensitive Data Silently, Now Fixed | 📲 LatestLY

EchoLeak, the first-ever zero-click vulnerability (CVE-2025-32711), was discovered by Aim Labs in Microsoft 365 Copilot AI. It allowed attackers to silently steal sensitive user data through hidden prompts in emails without user interaction. Microsoft has fixed the security flaw with a server-side update. 📲 EchoLeak: First-Ever Zero-Click Vulnerability, CVE-2025-3271, Discovered by Aim Labs in Microsoft 365 Copilot AI, Allowed Attackers Steal S…

Read Full Article
India TodayIndia Today
Lean Right

First ever security flaw detected in an AI agent, could allow hacker to attack user via email

Security researchers have discovered the first zero-click AI vulnerability in Microsoft 365 Copilot AI agent, exposing a way for attackers to steal data via email without user interaction. The flaw is now fixed.

·India
Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your enrollment helps support this platform at no extra cost to you. Aim Security researchers found a zero-click vulnerability in Microsoft 365 Copilot that could have been exploited to have AI tools like RAG and AI agents hand over sensit…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 60% of the sources lean Right
60% Right
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

India Today broke the news in India on Thursday, June 12, 2025.
Sources are mostly out of (0)

Similar News Topics

Artificial Intelligence

Artificial Intelligence

Microsoft

Microsoft

Research

Research

Cyber Security

Cyber Security

News
For You
SearchBlindspotLocal