\n2. Link Redaction Bypass<\/strong>: The attacker requests sensitive company information from Copilot, attempting to exfiltrate it by embedding it within a markdown link that employs reference-style markdown links, thus evading security measures designed for link redaction.
\n3. Image Redaction Bypass<\/strong>: To facilitate automated data extraction without requiring user interaction, attackers endeavor to generate an image that includes sensitive information as a query string parameter appended to the image URL, using reference-style markdown images to bypass image redaction protocols.
\n4. CSP Bypass<\/strong>: The browser’s Content-Security-Policy (CSP) restricts the fetching of images from unauthorized domains, impeding exfiltration via the image URL. Attackers investigate allowed domains within the CSP, notably focusing on SharePoint and Microsoft Teams.<\/p>\n
![\"EchoLeak](\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/06\/m365-copilot-emerging-zero-click-ai-vulnerability-facilitates-corporate-data-breach-1.webp\")
<\/p>\n
Identifying Common Design Flaws in RAG Applications and AI Agents<\/h3>\n
The Aim Labs team has categorized this string of vulnerabilities under the term \u2018EchoLeak,\u2019 blending traditional vulnerabilities with advanced AI-related weaknesses. They conclude, \u201cThis is a novel practical attack on an LLM application that adversaries can weaponize. The attack permits the exfiltration of the most sensitive data from the present LLM context, ensuring that the most confidential information is leaked, independent of specific user actions, and can be conducted in both single-turn and multi-turn interactions.\u201d<\/p>\n
Though their primary focus was M365 Copilot, researchers affirm that the vulnerability could also be exploited within other RAG applications and AI agents.<\/p>\n","protected":false},"excerpt":{"rendered":"
In a groundbreaking revelation, researchers from Aim Labs have identified a critical zero-click vulnerability in Microsoft 365 Copilot that enables…<\/p>\n","protected":false},"author":1,"featured_media":2025,"comment_status":"open","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[28],"tags":[885,144,108],"class_list":["post-2024","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-data-extraction","tag-exploitation","tag-vulnerability"],"acf":[],"yoast_head":"\n