The researchers at Aim Security dubbed the flaw “EchoLeak.” Microsoft told Fortune that it has already fixed the issue in Microsoft 365 Copilot and that its customers were unaffected.

The “EchoLeak,” as the security flaw is known, is the first known AI security vulnerability that doesn’t require users to click a link to become infected.

Microsoft to lay off around 9,000 workers in its largest cuts since 2023 By Clare Duffy, CNN 2 min read Updated 11:45 AM EDT, Wed July 2, 2025 ...

Aim Labs worked closely with Microsoft’s Security Response Center to responsibly disclose the vulnerability and issue a fix. It is the first AI vulnerability to receive a no-action CVE from ...