Particle.news

Download on the App Store

Microsoft Fixes Zero-Click EchoLeak Flaw in Copilot as Researchers Call for AI Agent Redesign

The resolution highlights a new category of zero-interaction AI exploits, exposing fundamental weaknesses in agent architectures

Image
Image
Image

Overview

  • Aim Security researchers discovered EchoLeak in January 2025, marking the first known zero-click attack on an AI agent.
  • Microsoft rated the flaw critical, assigned it CVE-2025-32711, and applied a server-side fix in May without requiring any user action.
  • EchoLeak exploits Copilot’s background email scanning and retrieval engine to inject hidden prompts that silently exfiltrate sensitive internal data.
  • The vulnerability exemplifies a new class of threats called “LLM Scope Violations,” which could affect other AI agents beyond Microsoft 365 Copilot.
  • Security experts recommend enterprises strengthen prompt injection defenses, enforce granular input scoping and post-processing filters, and pursue a fundamental redesign of AI agent architectures.