A critical zero-click flaw called EchoLeak was discovered in Microsoft 365 Copilot, allowing data exfiltration from enterprise systems without user interaction. It hijacks Copilot’s RAG pipeline by injecting hidden prompts into seemingly benign emails, coaxing the model to spill internal data via auto-generated links or image requests. Fixed server-side in May (CVE-2025-32711) with no known exploits so far, the incident highlights a new attack surface in AI systems—where LLMs leak data silently. Enterprises should urgently tighten prompt-injection defenses, scope retrieval inputs, and sanitize model outputs to avoid similar LLM-triggered leaks.

Bleeping Computer