Tech Radar

Microsoft Copilot targeted in first “zero-click” attack on an AI agent - what you need to know

  • Microsoft's Copilot, a generative AI model in Microsoft 365, faced a zero-click attack, known as an LLM Scope Violation, that was discovered by Aim Labs.
  • The flaw, named EchoLeak, allowed threat actors to extract sensitive corporate data via hidden prompts in emails without user interaction.
  • Threat actors could exfiltrate data like intellectual property, business contracts, and financial information from Copilot integrated into Microsoft 365.
  • The attack required a human-like prompt to bypass Microsoft's defenses, potentially affecting a victim when they interact with Copilot.
  • The bug, assigned CVE-2025-32711, scored 9.3/10 in severity and was fixed server-side in May; Microsoft found no evidence of exploitation.
  • Microsoft 365 combines office apps, cloud storage, email, calendar, and communication tools, making it widely used for online collaboration.
  • Copilot assists users with email drafting, document generation, data visualization, and trend analysis in Microsoft 365.
