Microsoft Copilot targeted in first “zero-click” attack on an AI agent - what you need to know

• Security researchers Aim Labs discovered an LLM Scope Violation flaw in Microsoft 365 Copilot
• The critical-severity bug allows threat actors to exfiltrate sensitive corporate data by sending an email
• Microsoft says it has fixed the issue server-side, but users should be on guard

Microsoft has fixed a dangerous zero-click attack in its Generative Artificial Intelligence (GenAI) model which could have allowed threat actors to silently exfiltrate sensitive corporate data without (almost) any user interaction.

Cybersecurity researchers Aim Labs, who found the flaw, known as an “LLM Scope Violation”, and dubbed it EchoLeak.

Here is how it works: A threat actor sends a seemingly innocuous email message to the target, which contains a hidden prompt that instructs Copilot to exfiltrate sensitive data to an attacker-controlled server. Since Copilot is integrated into Microsoft 365, that data can include anything from intellectual property files, to business contracts and legal ...