Sign Up
Already have an account?Log In
By clicking "Sign Up" you agree to our terms of service and privacy policy
- Username should be more than 3 characters.
- Username cannot start with numeric character.
- Username characters must be from {a-z,0-9}, special characters are not allowed.
- Make sure the Email is working to receive verification code & password reset link.
- Password should be more than 6 characters.
Forgot Password
Microsoft Copilot Under Siege: The Groundbreaking Zero-Click AI Attack
Microsoft 365 Copilot, an AI-powered assistant integrated into Office apps, has been targeted by a groundbreaking zero-click attack known as EchoLeak. This vulnerability exploits the AI's ability to combine and process content without isolating trust boundaries, allowing attackers to embed malicious prompts in seemingly innocuous emails. Once triggered, the AI silently leaks sensitive data from the user's context, including chat logs, files, and messages, without requiring any user interaction. The attack leverages a novel LLM Scope Violation method, which manipulates the AI to access and exfiltrate confidential data. Although Microsoft has fixed the flaw, it highlights the potential risks inherent in AI-integrated systems and demonstrates a new class of vulnerabilities that can be exploited for large-scale data exfiltration.
Share
Copied