EchoLeak: zero-click data theft from an AI assistant

A single crafted email made Microsoft 365 Copilot exfiltrate internal data with no user click. Here's the mechanism, and how to bound the blast radius when injection succeeds.

Read Original

Related