Critical Zero-Click Vulnerability in Microsoft Copilot Could Have Exposed Sensitive Data Researchers at Aim Security disclosed a critical zero-click vulnerability in Microsoft’s Copilot AI tool, identified as CVE-2025-32711 and dubbed EchoLeak, which could have allowed attackers to steal sensitive organizational data without any user interaction. The flaw, the first known zero-click exploit targeting an AI agent, was patched by Microsoft following coordinated disclosure. The vulnerability stemmed from an "LLM scope violation", where untrusted external input could manipulate Copilot into accessing and exfiltrating privileged data. At risk were files and communications within Microsoft 365, including chat histories, OneDrive documents, SharePoint content, Teams conversations, and preloaded organizational data. While most organizations were exposed under Copilot’s default configuration, there is no evidence the flaw was exploited in the wild. Microsoft addressed the issue in a recent update, stating that no further customer action is required. The company also implemented additional defense-in-depth measures to bolster security. Aim Security’s CTO, Adir Gruss, emphasized the significance of the discovery, noting that it demonstrated how attackers could automatically extract sensitive information without user engagement. Forrester analyst Jeff Pollard highlighted the broader security risks of AI agents, warning that their access to email, scheduling, and other functions makes them prime targets for exploitation. Microsoft acknowledged the research, confirming the vulnerability was resolved before any customer impact occurred.