- AIM LABS security researchers discovered a rapid failure of LLM reach in Microsoft 365 Copilot
- The critical severity error allows threat actors to exfiltrate confilious corporate data by sending an email
- Microsoft says it has solved the server problem, but users must be on guard
Microsoft has set a dangerous attack with zero click on its generative model of artificial intelligence (Genai) that could have allowed threat actors to silently exfiltrate confidential corporate data without (almost) no user interaction.
Cybersecurity researchers AIM Labs, who found the defect, known as a “violation of the scope of LLM”, and called Echoleak.
This is how it works: a threat actor sends an apparently harmless email message to the target, which contains a hidden request that instructs Copilot to exfilt confidential data to a server controlled by the attacker. Since Copilot is integrated into Microsoft 365, this data can include anything, from intellectual property archives, to commercial contracts and legal documents, or from internal communications, to financial data.
Critical vulnerability
The researchers point out that the notice must be written as talking to a human, so that it avoids the Xpia defenses of Microsoft (cross -prompt injection attack).
Later, when the victim interacts with co -pilot and asks a business related to the business, the LLM will extract all the relevant data (including the email message of the attackers) and will end up executing it. The files are stored in an elaborate link or in an image.
The Error was assigned the ID-2025-32711 identifier and a gravity score of 9.3/10 (critic) was given. The server side was solved in May, which means that users do not need to do anything. Microsoft also said that there is no evidence that the failure would have been exploited in the past and that none of its clients were affected.
Microsoft 365 is one of the most popular online collaboration and communications tools, which combines office applications (Word, Excel and others), cloud storage (OneDrive and SharePoint), email and calendar (Outlook, Exchange) and communications tools (equipment).
Recently, Microsoft integrated its generative the AI model, Co -Co, in Microsoft 365, allowing users to write and summarize emails, generate and edit documents, create data visualizations and analyze trends, and more.
Through Bleepingcomputer
