Researchers discover zero-click vulnerability in Microsoft Copilot

Researchers have said that Microsoft Copilot had a critical zero-click AI vulnerability that was fixed before hackers stole sensitive data. Called 'EchoLeak,' the attack was mounted by Aim Labs researchers in January this year and then reported to Microsoft later.
In a blog posted by the research team, they said that EchoLeak was the first zero-click attack on an AI agent and could hack remotely via an email.
The vulnerability was given the identifier CVE-2025-32711 and rated critical and fixed eventually in May.
The researchers have categorised EchoLeak under a new class of vulnerabilities called 'LLM Scope Violation,' which can lead a large language model to leak internal data without any interaction with the hacker.
Although Microsoft acknowledged the security flow, it confirmed that there had been no instance of exploitation which had impacted users.
Users receive an email that's been designed to look like a business document embedded with a hidden prompt injection that instructs the LLM to extract and exfiltrate sensitive data. When the user asks Copilot a query the email is retrieved into the LLM prompt by Retrieval-Augmented Generation or RAG.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

The Hindu

31 minutes ago

• The Hindu

CUTM shines at U.S. tech meet, highlights Centre's semiconductors potential

Centurion University of Technology and Management (CUTM) Vice President D. N. Rao on Sunday said that the Indian government's initiatives and new policies regarding the promotion of semiconductors would create lakhs of jobs in the near future for youth pursuing engineering and related courses. He said that the University was giving utmost priority to equipping students with additional skills to meet the expectations of the electronic components industry which plays a vital role in power, telecom, automobile, information technology and other sectors. Professor D. N. Rao along with a team of faculty members from the University gave a presentation on 'Opportunities in the electronic component industry and benefits for students,' at the 62nd Design Automation Conference (DAC) which began on Sunday in San Francisco, U.S. In a press release, Dr. Rao said that CUTM which has campuses in Vizianagaram, Bhubaneswar and other places is the first University to have an opportunity to participate in the prestigious Design Automation Conference (DAC) which will go on till June 25. 'Our participation at DAC 2025 reflects our commitment to cutting-edge research and innovation. It is a proud moment for Indian academia, as we are the first university from the country to showcase our capabilities on a world-class stage,' he added. The University showcased several innovations including digital manufacturing for apparel tracking, electronic control unit-embedded system innovation, and smart retrofit solution for manual lathe automation. The University also signed an agreement with Marquee Semiconductors, a leading semiconductor design company in the U.S. for the improvement of the University's curriculum and to provide hands-on experience to the students in advanced design automation tools.

Mint

an hour ago

• Mint

Gujarat Electronics Component Manufacturing Policy aims to reduce import dependency

Ahmedabad, Jun 22 (PTI) Incentives for projects approved by MeitY, quick disbursal of assistance and reducing import dependency by attracting over ₹ 35,000 crore in new investments are among the prominent features of the Gujarat Electronics Component Manufacturing Policy-2025. The policy, which aims to transform Gujarat into a global hub for electronics manufacturing, was unveiled by Chief Minister Bhupendra Patel on Sunday. The policy states that projects approved and supported by the Union Ministry of Electronics and Information Technology (MeitY) will be eligible for 100 per cent Central assistance when established in Gujarat. Projects approved by the MeitY will receive incentives from both the Centre and the state government through a single approval and incentive assistance will disbursed within 30 days, a government release stated. "This means MeitY-approved projects set up in the state will receive dual incentive benefits from the Central and Gujarat governments," it said. Aligned with the Union government's Electronics Component Manufacturing Scheme (ECMS), the policy ensures "a 100 per cent top-up on Central support while guaranteeing timely disbursement of assistance. "Once a project is approved under the ECMS from MeitY, it will automatically become eligible for the same grant-in-aid in Gujarat. The state government will disburse its incentive within 30 days of the Centre releasing the assistance," the release said. The policy aims to reduce dependence on imports and improve technological resilience by attracting over ₹ 35,000 crore in new investments. It aims to create substantial high-skilled employment opportunities within the state's electronics component manufacturing sector. The policy hopes to boost investment in key segments, such as multi-layer and HDI printed circuit boards, lithium-ion cells, SMD passive components, display and camera modules, electronic parts, and the additional machinery for their production. "The policy's core focus is to bridge the talent gap, promote innovation, and offer support for research and development initiatives, with the recognised Gujarat-based institutions being eligible for assistance of up to ₹ 12.5 crore to establish centres of excellence, finishing schools, or applied research laboratories," the release stated. The policy aims to establish Gujarat as a prominent player in global electronics supply chains by promoting the manufacturing of local electronic components and sub-assembly production, reducing import dependency, and boosting exports, which will drive product value growth in global electronics value chains (GVCs). The Government of India (GoI) guidelines mandate the submission of applications to avail of the benefits of this policy by July 31, 2025. All MeitY-approved projects operating in Gujarat will automatically become eligible for availing of the policy benefits along with developing or proposed projects for incentives. The government said only the units other than those receiving assistance under Gujarat Electronics Policy 2022-28 will be eligible for benefits under this policy, and those availing benefits under this policy will not qualify under the Gujarat Electronics Policy.

Time of India

2 hours ago

• Time of India

AI now writes 25% of code in the US: Should Computer Science students rethink their career plans?

Artificial Intelligence is no longer just supporting programmers—it's actively writing code. According to insights published by The Atlantic , major U.S. tech companies like Microsoft and Alphabet now rely on artificial intelligence to generate nearly 25% of their code. As generative tools become deeply integrated into software development workflows, they're not only boosting productivity—but also raising difficult questions about the future of entry-level tech jobs. Tech jobs shift as AI takes over AI's growing role in software development isn't just a behind-the-scenes shift—it's showing up in employment data. According to The Atlantic , the number of 22–27-year-olds employed in computer science and math roles has dropped by 8% in recent years. While some of this is attributed to tech layoffs, automation is also playing a central role. Even tech companies acknowledge the shift. Executives at Microsoft and Google's parent company Alphabet have already confirmed the impact of AI on their code output. Meanwhile, at startups like Anthropic, AI models are replacing the need for junior-level coders altogether. Software jobs seen as most at risk These fears aren't just limited to hiring managers and academics. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like The Mess-Free Dog Toy That's Safer for Heavy Chewers Petsume Undo A 2025 Pew Research Center survey found that 48% of Americans believe software engineers will be among the professions most affected by AI in the coming years. That's a higher percentage than for teachers, journalists, or accountants. While manual labor was long seen as most vulnerable to automation, high-skilled roles are now increasingly at risk—starting with tech. Why students are dropping CS While employees in the tech market are worried, the impact of this phenomenon is also seen among tech students. After years of explosive growth, computer science enrollment is flattening. According to recent data referenced in The Atlantic , national growth in CS majors in the U.S. has slowed to just 0.2% this year. At elite institutions such as Princeton and Stanford, once considered pipelines to Silicon Valley, the number of CS undergraduates has either plateaued or started to decline. Princeton's department, for instance, anticipates a nearly 25% drop in majors within two years. Students have now become increasingly cautious. With mass layoffs in big tech, changing visa norms, and rising uncertainty around the long-term role of junior programmers, CS is no longer the default 'safe bet' it once seemed. The road ahead for Computer Science majors The shifting ground poses serious questions for universities and future students. Should colleges reduce CS department sizes? Are interdisciplinary programs—like CS with ethics, bioinformatics, or design—better suited for an AI-enhanced future? And for students: If AI can write your code, what skills will set you apart? The answer may lie in hybrid expertise—combining technical literacy with creativity, strategy, and human-centered design. The next generation of engineers may need to be less about syntax and more about systems thinking. To be clear, computer science isn't dying—but it's evolving. Demand for AI-literate engineers, machine learning experts, and cybersecurity professionals remains strong. However, the pathway to these roles is becoming steeper and more selective. Is your child ready for the careers of tomorrow? Enroll now and take advantage of our early bird offer! Spaces are limited.