Researchers Discover 'EchoLeak' Vulnerability in MS 365 Copilot

Researchers have discovered "EchoLeak" in MS 365 Copilot, the first zero-click attack on an AI agent. This vulnerability allowed attackers to hijack the AI assistant simply by sending an email, without any need for clicking. Microsoft has fixed this specific issue in five months. The solution requires either restructuring AI models to separate instructions from data or building mandatory safeguards into each agent platform.