The “EchoLeak,” as the security flaw is known, is the first known AI security vulnerability that doesn’t require users to ...

Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.

The vulnerability, called “EchoLeak,” lets attackers “automatically exfiltrate sensitive and proprietary information” from Microsoft 365 Copilot without knowledge of the user, according to findings ...

EchoLeak marks the first known zero-click attack on an AI agent (via Fortune). The cybersecurity firm presented its findings to Microsoft earlier this year in January.

The silent threat in your AI stack: Why EchoLeak is a wake-up call for CXOs We break down the first major zero-click AI security flaw, "EchoLeak," to uncover why every CXO needs to urgently ...

This is EchoLeak, a critical vulnerability in Microsoft 365 Copilot that lets hackers steal sensitive corporate data without a single action from the victim.

Jun 12, 2025 13:52:00 A zero-click attack method 'Echoleak' that sends emails to manipulate AI and steal confidential information has been discovered, and there is a risk to all AI systems such as ...

Dubbed "EchoLeak," the security flaw is being described by cybersecurity researchers as the first known zero-click attack targeting an AI assistant.

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.