Director’s Cut: Microsoft Copilot Flaw Highlights Emerging AI Security Risks - Zscaler
The "EchoLeak" vulnerability in Microsoft 365 Copilot allows attackers to embed hidden commands within regular emails, which trigger the AI agent to access and expose sensitive files like emails and spreadsheets without any user action. This "zero-click" attack highlights a structural vulnerability in AI tools: it enables silent data exfiltration and makes it extremely difficult to identify the source of a breach.