Microsoft Fixes Zero-Click Vulnerability in Copilot AI
Microsoft Corporation has resolved a critical security flaw in its Copilot AI system, identified by Aim Security, a Tel Aviv-based cybersecurity firm. The vulnerability, known as EchoLeak, was characterized as a 'zero-click' flaw, meaning it could be exploited without any user interaction, according to Inc.
The EchoLeak vulnerability, assigned the identifier CVE-2025-32711, allowed unauthorized access to sensitive data within Microsoft 365 Copilot's context. The flaw was particularly dangerous because it enabled attackers to exfiltrate data without the user's awareness or action. The attack involved embedding malicious prompts in seemingly benign content, such as emails; when the AI system processed that content, it acted on the embedded instructions, leading to unintended data leaks.
Microsoft has already addressed the issue server-side, ensuring that no customer action is required. The company confirmed that there was no evidence of the vulnerability being exploited in the wild. This incident highlights the potential risks associated with AI systems and the importance of ongoing vigilance in cybersecurity measures.