![Top Features of Vision-Based Workplace Safety Tools [2025]](https://static.wixstatic.com/media/379e66_7e75a4bcefe14e4fbc100abdff83bed3~mv2.jpg/v1/fit/w_1000,h_884,al_c,q_80/file.png?#)
![How to Use AI as a Productivity Tool with Mike Kaput [MAICON 2025 Speaker Series]](https://www.marketingaiinstitute.com/hubfs/v2MAICON-Speaker_Series.png)
![[The AI Show Episode 152]: ChatGPT Connectors, AI-Human Relationships, New AI Job Data, OpenAI Court-Ordered to Keep ChatGPT Logs & WPP’s Large Marketing Model](https://www.marketingaiinstitute.com/hubfs/ep%20152%20cover.png)
![[DEALS] Microsoft Visual Studio Professional 2022 + The Premium Learn to Code Certification Bundle (97% off) & Other Deals Up To 98% Off](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![PSA: Widespread internet outage affects Spotify, Google, Discord, Cloudflare, more [U: Fixed]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2024/07/iCloud-Private-Relay-outage-resolved.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Shares Teaser Trailer for 'The Lost Bus' Starring Matthew McConaughey [Video]](https://www.iclarified.com/images/news/97582/97582/97582-640.jpg)
0-Click Microsoft 365 Copilot Vulnerability Let Attackers Exfiltrates Sensitive Data Abusing Teams
A critical zero-click vulnerability in Microsoft 365 Copilot, dubbed “EchoLeak,” enables attackers to automatically exfiltrate sensitive organizational data without requiring any user interaction. The vulnerability represents a significant breakthrough in AI security research, introducing a new class of attack called “LLM Scope Violation” that could affect other AI-powered applications beyond Microsoft’s platform. The EchoLeak attack […] The post 0-Click Microsoft 365 Copilot Vulnerability Let Attackers Exfiltrates Sensitive Data Abusing Teams appeared first on Cyber Security News.
A critical zero-click vulnerability in Microsoft 365 Copilot, dubbed “EchoLeak,” enables attackers to automatically exfiltrate sensitive organizational data without requiring any user interaction.
The vulnerability represents a significant breakthrough in AI security research, introducing a new class of attack called “LLM Scope Violation” that could affect other AI-powered applications beyond Microsoft’s platform.
The EchoLeak attack exploits fundamental design flaws in how M365 Copilot processes and retrieves information from organizational data stores.
The vulnerability enables external attackers to send specially crafted emails that bypass multiple security layers, allowing them to extract the most sensitive information from a victim’s Microsoft Graph data, including emails, OneDrive files, SharePoint documents, and Teams conversations.
What makes this attack particularly dangerous is its zero-click nature. Unlike traditional cyberattacks that require users to click on malicious links or download infected files, EchoLeak operates entirely in the background.
An attacker simply needs to send an email to a target within an organization, and the vulnerability can be triggered when the victim interacts with M365 Copilot for any routine business task.
Zero-Click Microsoft 365 Copilot Vulnerability
The attack chain demonstrates remarkable technical sophistication, successfully bypassing four critical security measures that Microsoft has implemented as best practices.
First, it circumvents XPIA (cross-prompt injection attack) classifiers by phrasing malicious instructions as if they were intended for human recipients rather than AI systems.
The researchers also discovered multiple bypasses for Microsoft’s link redaction mechanisms, exploiting lesser-known markdown formatting variations that aren’t recognized by the security filters. These include reference-style markdown links and images that slip past the content scanning systems.
Perhaps most concerning is the Content Security Policy (CSP) bypass that enables automatic data exfiltration. The researchers identified specific Microsoft Teams and SharePoint endpoints that can forward requests to external servers while remaining within the allowed domain whitelist, creating an invisible channel for sensitive data to leave the organization.
Aim Labs has introduced the term “LLM Scope Violation” to describe the core vulnerability mechanism. This occurs when an attacker’s instructions embedded in untrusted content successfully direct the AI system to access and process privileged organizational data without explicit user consent.
The researchers argue this represents a violation of the Principle of Least Privilege, where low-privilege external content gains unauthorized access to high-privilege internal information through the AI intermediary.
The discovery highlights growing security challenges as organizations increasingly adopt AI-powered productivity tools. M365 Copilot’s integration with Microsoft Graph gives it extensive access to organizational data, making it an attractive target for sophisticated attacks.
Microsoft’s MSRC team has been notified of the vulnerability, though specific details about patches or mitigations have not been disclosed. Aim Labs reports that no customers are known to have been impacted by this vulnerability to date.
This research represents a significant advancement in understanding how threat actors can exploit AI agents by leveraging their internal mechanics. As organizations continue deploying AI-powered tools, the EchoLeak discovery underscores the need for more sophisticated security frameworks specifically designed for AI applications.
The vulnerability’s zero-click nature and potential for data exfiltration make it particularly suited for corporate espionage and extortion campaigns, highlighting the evolving threat landscape in our increasingly AI-integrated business environment.
Live Credential Theft Attack Unmask & Instant Defense – Free Webinar
The post 0-Click Microsoft 365 Copilot Vulnerability Let Attackers Exfiltrates Sensitive Data Abusing Teams appeared first on Cyber Security News.
