Particle.news


Microsoft Seals EchoLeak Zero-Click Vulnerability in 365 Copilot

Microsoft’s server-side patch removes the attack vector, underscoring the need for AI agents to segregate trusted commands from untrusted inputs.


Overview

  • Researchers at Aim Labs discovered in January that a zero-click flaw dubbed EchoLeak could exfiltrate data from Microsoft 365 Copilot by embedding hidden prompts in an ordinary-looking email, with no interaction required from the recipient.
  • Microsoft assigned the vulnerability CVE-2025-32711, rated critical, and deployed a server-side fix in May that requires no action from customers.
  • The company reports no evidence that the EchoLeak flaw was exploited in real-world attacks.
  • EchoLeak exemplifies a broader class of 'LLM Scope Violation' vulnerabilities in AI agents, in which untrusted content steers the model into accessing privileged data without user interaction.
  • Security experts warn that fully preventing such leaks will demand a fundamental redesign of AI agent frameworks so that trusted instructions are isolated from untrusted inputs.