Microsoft 365 Copilot Vulnerable to Zero-Click EchoLeak Exploit, Cybersecurity Researchers Say

Microsoft eportedly said that it has fixed the Copilot vulnerability and no users were affected by it.

Advertisement
Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 12 June 2025 19:33 IST
Highlights
  • The exploit uses agentic capabilities of Copilot
  • This is said to be the first zero-click exploit on a major AI chatbot
  • First stage of this exploit uses a plain language email
Microsoft 365 Copilot Vulnerable to Zero-Click EchoLeak Exploit, Cybersecurity Researchers Say

The exploit could have been used by bad actors to steal sensitive data from users’ devices

Photo Credit: Reuters

Microsoft 365 Copilot, the enterprise-focused artificial intelligence (AI) chatbot that works across Office apps, was reportedly vulnerable to a zero-click vulnerability. As per a cybersecurity firm, a flaw existed in the chatbot that could be triggered via a simple text email to hack into it. Once the chatbot was hacked, it could then be made to retrieve sensitive information from the user's device and share it with the attacker. Notably, the Redmond-based tech giant said that it has fixed the vulnerability, and that no users were affected by it.

Researchers Find Zero-Click Vulnerability in Copilot

In a blog post, AI security startup Aim Security detailed the zero-click exploit and how the researchers were able to execute it. Notably, a zero-click attack refers to hacking attempts where the victim does not have to download a file or click on a URL for the attack to be triggered. A simple act such as opening an email can initiate the hacking attempt.

The findings by the cybersecurity firm highlights the risks that AI chatbots pose, especially if they have agentic capability, which refers to the ability of an AI chatbot to access tools to execute actions. For example, Copilot being able to connect to OneDrive and retrieving data from a file stored there to answer a user query would be considered an agentic action.

As per the researchers, the attack was initiated using cross-prompt injection attack (XPIA) classifiers. These is a form of prompt injection, where an attacker manipulates the input across multiple prompts, sessions, or messages to influence or control the behaviour of an AI system. The malicious message is often added via attached files, hidden or invisible text, or embedded instructions.

Advertisement

The researchers shared the XPIA bypass via email. However, they also showed the same could be done via an image (embedding the malicious instruction in the alt text), and even via Microsoft Team by excuting a GET request for a malicious URL. While the first two methods still require the user to ask a query about the email or the image, the latter does not require users to take any particular action for the hacking attempt to begin.

“The attack results in allowing the attacker to exfiltrate the most sensitive data from the current LLM context - and the LLM is being used against itself in making sure that the MOST sensitive data from the LLM context is being leaked, does not rely on specific user behavior, and can be executed both in single-turn conversations and multi-turn conversations,” the post added.

Advertisement

Notably, a Microsoft spokesperson acknowledged the vulnerability and thanked Aim for identifying and reporting the issue, according to a Fortune report. The issue has now been fixed, and no users were affected by it, the spokesperson told the publication.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Samsung Galaxy Buds 3 Pro's Amazon Prime Day 2025 Offer Revealed
  2. AI+ Pulse, AI+ Nova 5G With 50-Megapixel Rear Cameras Launched in India
  3. Oppo Reno 14 Gets a New Variant With a Colour Changing Rear Panel
  4. OnePlus Nord 5, OnePlus Nord CE 5 Launched in India at These Prices
  5. OnePlus Nord CE 5 Review
  6. WhatsApp's AI-Powered Chat Wallpaper Feature Is Coming to iOS
  7. iQOO 13, iQOO Neo 10R and More Get Discounts During Prime Day 2025 Sale
  8. Realme 15 5G, 15 Pro 5G to Launch in India on This Date
  9. OnePlus Nord 5 Review
  10. Google Pixel Phones Receiving Monthly Software Update for July 2025
  1. iPhone 17 Air Dummy Unit Surfaces in Hands-on Video, Showcasing Thin Design
  2. OnePlus Pad Lite Launched With 11-Inch Display, 9,340mAh Battery: Price, Specifications
  3. Gmail Announces Manage Subscriptions View for Decluttering Inbox on Android, iOS and Web
  4. Google Pixel Phones Receiving Android 16-Based Monthly Software Update for July 2025: What’s New
  5. Samsung Galaxy Unpacked 2025 Event Today: Galaxy Z Fold 7, Z Flip 7 Launch Expected, How to Watch Livestream
  6. Vivo V60 Reportedly Listed on SIRIM and TUV Websites, Could Launch Soon
  7. Amazon Prime Day 2025 Sale: iQOO 13, iQOO Neo 10R, iQOO Z10x and More to Go on Sale at Discounted Prices
  8. Swiggy Instamart Teams Up With Jio for Instant Delivery of JioBharat V4 and JioPhone Prima 2
  9. Apple Maps in iOS 26 Beta Version Come With An Upgraded Search Feature: Report
  10. WhatsApp Rolls Out AI-Powered Chat Wallpaper Feature; Threaded Message Replies Spotted in Development
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.