Aviatrix Blog

EchoLeak: How a Zero-Click Copilot Vulnerability Exposed the AI Trust Gap

Learn how the EchoLeak vulnerability reveals the dangers of AI agents that go beyond the reach of traditional security tools, and what you can do about it.

On June 11, 2025, cybersecurity researchers disclosed a critical zero-click vulnerability in Microsoft 365 Copilot — now known as EchoLeak (CVE-2025-32711). This flaw allowed malicious actors to exfiltrate internal enterprise data without user interaction, simply by sending an email containing hidden prompt injections.

The implications go far beyond a single AI assistant. EchoLeak reveals a growing class of threats: AI-powered agents operating inside hybrid and multicloud environments without network-level controls.

What Happened

Researchers at Aim Security discovered that attackers could craft emails containing prompt injections that silently triggered Copilot to pull and leak sensitive internal content — including data from Outlook, OneDrive, SharePoint, and Teams. Critically, no click or user action was required.

Microsoft quickly issued a patch, and there’s currently no evidence of exploitation in the wild. But the underlying issue — AI agents acting beyond the visibility and control of traditional security tools — is systemic.

EchoLeak isn’t an isolated case. Just weeks earlier, a related incident involving a similar flaw in GitHub Copilot exposed Microsoft’s own secrets via AI-driven data leakage.

Why It Matters for Cloud and Hybrid Enterprises

As organizations rapidly adopt AI assistants like Copilot, they often assume data remains protected by the same perimeter and endpoint tools they’ve relied on for years. But these AI agents:

  • Operate across cloud services and user contexts
  • Process sensitive data outside normal access controls
  • Lack network-layer visibility and segmentation

The result? A data exfiltration vector that’s invisible to most legacy tools — and incompatible with static firewalls or endpoint detection alone.

How Aviatrix Closes the Gap

Aviatrix provides the Cloud Native Security Fabric that enterprises need to protect data moving through AI-powered architectures. Here’s how:

  • Zero Trust Segmentation: Enforce identity-based policies across all traffic — even between AI agents and data stores — with no reliance on agents or NGFWs.
  • High-Performance Encryption (HPE): Encrypt all east-west and hybrid traffic at line rate (up to 100 Gbps), ensuring prompt-exfiltrated data stays protected in motion.
  • Multicloud and Hybrid Visibility: See, control, and alert on abnormal traffic patterns across Microsoft 365, Copilot workloads, and hybrid cloud environments.

Aligning with Compliance

EchoLeak underscores how AI-driven data flows can violate traditional security boundaries. Aviatrix helps ensure compliance with:

  • CISA ZTMM v2.0: Supports all network and cross-cutting capabilities
  • NIST CSF: Detects and prevents unauthorized data access (DE.CM-2)
  • PCI DSS 4.0: Enforces encryption and access controls for sensitive data
  • HIPAA: Protects ePHI through encrypted hybrid transmission and auditability

The Road Ahead

AI agents are here to stay — but so are the risks. EchoLeak is a wake-up call: perimeter controls and app-layer patches aren’t enough in a world of autonomous, cloud-native agents.

To secure AI-powered enterprises, you need to build security into the network itself. That’s what Aviatrix delivers.