Microsoft Copilot was focused in the first “zero -click” -attack on an AI agent -what you need to know
- Advertisement -
Related Posts
- Advertisement -
- Security researchers AIM Labs discovered an LLM -Scope -violation error in Microsoft 365 Copilot
- With the bug of criticism of seriousness, threat actors can exfiled sensitive company data by sending an e-mail
- Microsoft says it has solved the server’s problem, but users must be on the guard
Microsoft Has solved a dangerous zero click attack in its generative artificial intelligence (Genai) model with which threat actors in silence sensitive company data can quietly exfiltrate without (almost) any user interaction.
CyberSecurity -Researchers Aim LabsWho found the mistake, known as an “LLM -Scope -violation”, and called the Echoleak.
Here is how it works: a threat actor sends a seemingly imperative e-mail message to the goal, which contains a hidden prompt that instructs Copilot to exfil sensitive data to an attacker-controlled server. Since Copilot is integrated in Microsoft 365, data can include everything, from intellectual property files to business contracts and legal documents, or from internal communication to financial data.
Critical vulnerability
The researchers note that the promptly must be formulated, such as speaking with a person, so that it bypasses the Xpia (Cross-Prompt Injection Attack) from Microsoft.
Later, when the victim has interaction with Copilot and asks a business-related question, the LLM will retrieve all relevant data (including the e-mail message from the attackers) and ultimately perform it. The files are stored in a manufactured link or an image.
The BUG was assigned the CVE-2025-32711 ID and received a serious score of 9.3/10 (critical). It was resolved on the server in May, which means that users don’t have to do anything. Microsoft also said that there is no evidence that the error in the past had been exploited and none of his customers was influenced.
Microsoft 365 is one of the most popular cloud -based communication and Online collaboration toolsCombining office apps (word, excel and others), cloud storage (OneDrive and SharePoint), E -mail and agenda (Outlook, Exchange) and communication tools (teams).
Recently Microsoft has its generative AI model, Copilot, integrated in Microsoft 365, so that users can prepare and summarize e -mails, generate and edit documents, create data visualizations and analyze trends, and more.
Maybe you like it too
- Advertisement -
