<ul data-eligibleForWebStory="true"><li>CVE-2025-32711, known as 'EchoLeak,' is a critical vulnerability in Microsoft's Copilot AI enabling a zero-click attack.</li><li>It exploits an 'LLM scope violation' and is the first known zero-click attack on an AI agent.</li><li>The discovery highlights the growing intersection between traditional software vulnerabilities and AI threats.</li><li>Cyber defenders need to adjust defense strategies to tackle such novel threats proactively.</li><li>The attack allows automatic exfiltration of sensitive data without user interaction in M365 Copilot.</li><li>Microsoft confirmed resolution of the issue and provided mitigation measures like DLP tags.</li><li>Exploitation of AI vulnerabilities emphasizes the need for proactive defenses and threat modeling.</li><li>SOC Prime Platform offers products to strengthen cybersecurity resilience against AI-driven threats.</li></ul>

CVE-2025-32711 Vulnerability: “EchoLeak” Flaw in Microsoft 365 Copilot Could Enable a Zero-Click Attack on an AI Agent

Discover more