Mermaid図経由でCopilotから情報流出 - 間接プロンプト注入型攻撃の新たな形
https://qiita.com/___nix___/items/90b157d20c819b2db2fa?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #Security #AI #copilot #LLM #echoleak

Hidden commands in emails can trick Microsoft Copilot into stealing your company's secrets—no clicks required. The EchoLeak flaw was patched, but it's a wake-up call about AI security. #Microsoft #CyberSecurity #AI #EchoLeak

https://pupuweb.com/trust-microsoft-copilot-data-0-click-echoleak-flaw/

⚠️ How secure are the #AI systems used by your company? #EchoLeak has really been putting a spotlight on this issue—and the reality is that AI tools pose many risks to businesses. 😨

"AI tools are increasingly being embedded deep into business infrastructure — often alongside 'vague policies' or 'limited visibility into how they process and store data'", says Robert Rea, chief technical officer at #Graylog.

Kate O'Flaherty spoke about this challenge with several industry experts, in addition to Graylog's Robert Rea, including:
👉 Lillian Tsang at Harper James
👉 Emilio Pinna at SecureFlag
👉 Joseph Thompson at Birketts LLP
👉 Sam Peters at ISMS.online

Learn about what it means to be risk aware when it comes to AI tools, and how to strengthen the AI governance strategies at your org. 👇

https://www.isms.online/cyber-security/echoleak-are-firms-complacent-about-the-risks-posed-by-ai/ #cybersecurity #artificialintelligence #AIsecurity #AItools #agenticAI

No Click. No Warning. Just a Data Leak.

Think your AI assistant is secure? Think again. The new EchoLeak exploit shows how Microsoft 365 Copilot, and tools like it, can silently expose your sensitive data without a single user interaction. No clicks. No downloads. Just a well-crafted email.

In this eye-opening blog, we break down how EchoLeak works, why prompt injection is a growing AI threat, and the 5 actions you need to take right now to protect your organization.

Read now: https://www.lmgsecurity.com/no-click-nightmare-how-echoleak-redefines-ai-data-security-threats/

#AIDataSecurity #Cyberaware #Cyber #SMB #Copilot #AI #GenAI #EchoLeak #PromptInjection #MicrosoftCopilot #Cybersecurity #CISO #ITsecurity #InfoSec #AISecurityRisks

Pierwsza podatność typu „zero-click” w Microsoft 365 Copilot. Dane wyciekały bez ingerencji użytkowników.

Badacze z Aim Security odkryli pierwszą podatność „zero-click” w agencie sztucznej inteligencji (AI). Microsoft 365 Copilot można było zmusić agenta do wyciekania poufnych danych organizacji bez ingerencji przez użytkownika – ofiarę. Wystarczyła wysyłka jednego, odpowiedniego spreparowanego maila. Podatność otrzymała oznaczenie CVE-2025-32711 z oceną CVSS 9.3 (krytyczna) i została ochrzczona przez...

#WBiegu #Ai #CPIA #Echoleak #Leak #Markdown #PromptInjection #Wyciek

https://sekurak.pl/pierwsza-podatnosc-typu-zero-click-w-microsoft-365-copilot-dane-wyciekaly-bez-ingerencji-uzytkownikow/

Can Your AI Be Hacked by Email Alone?

No clicks. No downloads. Just one well-crafted email, and your Microsoft 365 Copilot could start leaking sensitive data.

In this week’s episode of Cyberside Chats, @sherridavidoff and @MDurrin discuss EchoLeak, a zero-click exploit that turns your AI into an unintentional insider threat. They also reveal a real-world case from LMG Security’s pen testing team where prompt injection let attackers extract hidden system prompts and override chatbot behavior in a live environment.

We’ll also share:

• How EchoLeak exposes a new class of AI vulnerabilities
• Prompt injection attacks that fooled real corporate systems
• Security strategies every organization should adopt now
• Why AI inputs need to be treated like code

🎧 Listen to the podcast: https://www.chatcyberside.com/e/unmasking-echoleak-the-hidden-ai-threat/?token=90468a6c6732e5e2477f8eaaba565624
🎥 Watch the video: https://youtu.be/sFP25yH0sf4

#EchoLeak #Cybersecurity #AIsecurity #Microsoft365 #Copilot #PromptInjection #CISO #InsiderThreats #GenAI #RiskManagement #CybersideChats

Nu har den kommit, den första sårbarheten i Copilot som kan användas för att genom att skicka ett mail extrahera känslig information från en organisation.

Mer information om sårbarheten echoleak (CVE-2025-32711) finns här:
https://www.aim.security/lp/aim-labs-echoleak-m365

#Sårbarhet #echoleak #Copilot #AI

EchoLeak - der "Dosenöffner" für KI‑Sicherheitsrealitäten!

Es war nur eine Frage der Zeit – und hier ist sie: eine Zero‑Click‑Attacke auf ein KI-System wurde Realität. Die Schwachstelle, bekannt als EchoLeak, nutzt nur eine einzige manipulierte E‑Mail – kein Klick, kein Download, keine Warnung – und Copilot exfiltriert heimlich sensible Unternehmensdaten. #CyberSecurity #AIsecurity #Copilot #Microsoft365 #EchoLeak #ZeroTrust #Cybercrime