Microsoft has fixed a dangerous zero-click attack in its Generative Artificial Intelligence (GenAI) model which could have allowed threat actors to silently exfiltrate sensitive corporate data ...

Discovered by Aim Security, it’s the first documented zero-click attack on an AI agent, exposing the invisible risks lurking in the AI tools we use every day. One crafted email is all it takes.

Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.

This is the first zero-click AI vulnerability ever discovered, according to the researchers in a June 11 report which shared their findings. Aim Labs contacted Microsfot about the flaw in January 2025 ...

Critical flaw in Microsoft Copilot could have allowed zero-click attack. Microsoft CEO Satya Nadella speaks during the OpenAI DevDay event on November 06, 2023 in San Francisco, California.

The vulnerability, called “EchoLeak,” lets attackers “automatically exfiltrate sensitive and proprietary information” from Microsoft 365 Copilot without knowledge of the user, according to findings ...

More and more companies are introducing AI systems such as . Microsoft 365 Copilot, but security company Aim Security has recently demonstrated that a zero-click attack is possible, in which ...

A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.

TL;DR: Microsoft has patched a critical zero-click vulnerability in Copilot that allowed remote attackers to automatically exfiltrate sensitive user data simply by sending an email. Dubbed ...

Researchers have said that Microsoft Copilot had a critical zero-click AI vulnerability that was fixed before hackers stole sensitive data. Called ‘EchoLeak,’ the attack was mounted by Aim ...

Microsoft has fixed a dangerous zero-click attack in its Generative Artificial Intelligence (GenAI) model which could have allowed threat actors to silently exfiltrate sensitive corporate data without ...