Unique AI Vulnerability Research Yields Breakthrough ‘EchoLeak’ Discovery: First Zero-Click AI Vulnerability in Microsoft 365 Copilot
Aim Security, the fastest-growing AI Security Platform, announced the launch of Aim Labs, a new advanced vulnerability research division dedicated to uncovering and mitigating the most sophisticated threats targeting AI technologies.
Led by former Google leaders and top alumni from Israel’s elite Unit 8200, Aim Labs unites a rare combination of deep AI research and advanced cybersecurity expertise to drive innovation and set new standards for real-time defense through the proactive sharing of high quality threat intelligence.
Cyber Technology Insights : CyberArk Empowers MSPs with New Console and Program for Identity Security Services
In concert with the launch, Aim Labs also released groundbreaking research detailing the first-of-its-kind “zero-click” attack chain on an AI agent. The critical vulnerability in Microsoft 365 Copilot, dubbed ‘EchoLeak’, allows attackers to automatically exfiltrate sensitive and proprietary information from M365 Copilot—without any user interaction, or reliance on specific victim behavior. The attack is initiated simply by sending an email to a target within an organization, regardless of sender restrictions or admin configurations. Aim Labs worked closely with Microsoft’s Security Response Center to responsibly disclose the vulnerability and issue a fix. It is the first AI vulnerability to receive a no-action CVE from Microsoft (CVE-2025-32711).
“AI is fundamentally re-writing the security playbook. EchoLeak is a reminder that even robust, enterprise-grade AI tools can be leveraged for sophisticated and automated data theft,” fsecurity Itay Ravia, Head of Aim Labs. “This discovery underscores just how rapidly the threat landscape is evolving, reinforcing the urgent need for continuous innovation in AI security—the very mission driving Aim Labs.”
Cyber Technology Insights : Troubadour Tech Achieves NextWave Platinum Innovator Status With Palo Alto Networks
Aim Labs will serve as Aim’s dedicated research hub, tackling the unique security challenges introduced by AI adoption across critical sectors including banking, healthcare, insurance, manufacturing, and defense. Trusted by Fortune 500 companies, the Aim platform’s unique runtime detection capabilities will be leveraged by the Aim Engine to mitigate emerging vulnerabilities and exploitation methods in real-time. Through continuous threat discovery and openly sharing cutting-edge research and best practices, Aim Labs will empower organizations to confidently and securely harness the power of AI.
“As AI becomes integral to business operations, organizations face unprecedented risks related to data exposure, supply chain vulnerabilities, and emerging threats like prompt injection and jailbreaks,” said Matan Getz, CEO and Co-founder of Aim Security. “Aim Labs is our commitment to staying ahead of these evolving threats by fostering continuous innovation and sharing actionable insights with the global security community.”
Cyber Technology Insights : AU10TIX AnyDoc Authentication Sets New Standard
To participate in our interviews, please write to our CyberTech Media Room at sudipto@intentamplify.com
Source: businesswire
