Skip to content

Safe Tuesday with SNOK: Copilot's first critical zero-click vulnerability - how did user data leak?

Artificial intelligence has become an integral part of many business solutions. AI facilitates data analysis, streamlines process automation, and…

Artificial intelligence has become an integral part of many business solutions. AI facilitates data analysis, streamlines process automation, and assistants such as Microsoft 365 Copilot promise a revolution in office productivity. However, wherever new technologies emerge, so do new threats.

The latest example of this is a critical zero-click vulnerability just disclosed in a popular Microsoft solution. In recent years, AI has gained popularity thanks to its ability to rapidly analyse vast amounts of data, forecast outcomes and automate routine tasks. AI solutions also attract cybercriminals, who see new attack opportunities in them. Organisations should be aware of how new technologies affect security and implement appropriate protective strategies to avoid potential threats arising from AI-driven cybercrime.

Copilot in the crosshairs: what did the zero-click attack look like?

The attack, named EchoLeak and disclosed by AIM Labs, concerns Microsoft 365 Copilot - a solution integrating GPT-4 with Microsoft services such as Outlook and Teams. What is particularly alarming about this vulnerability is its zero-click nature - the user did not even have to click a link or download a malicious file for their data to begin leaking. In an age when most corporate data is processed electronically, zero-click vulnerabilities become extremely dangerous, as the victim may not even be aware that a breach has occurred. Because Copilot is directly integrated with key business applications, a potential attack could have had an enormous reach, affecting many departments and employees simultaneously. Companies using such solutions should implement monitoring and response mechanisms as soon as possible, capable of detecting and halting suspicious activity in real time.

Under the hood: technical details of the EchoLeak vulnerability

The EchoLeak vulnerability stemmed from Copilot’s flawed processing of information. Specific instructions embedded in the MIME header fields of an email were interpreted by the AI model as commands to synchronise content with an external server. In practice, Copilot treated the hidden commands as a standard operation, copying and forwarding data externally without any authorisation. Technically speaking, the vulnerability was possible due to inaccuracies in metadata analysis, which were misinterpreted by the AI model. These errors stem from excessively broad permissions granted to Copilot in the context of automated information processing. Additionally, the absence of adequate verification and filtering mechanisms allowed attackers to bypass security controls with ease and carry out malicious actions. Microsoft had to intervene quickly to patch this gap, but effective data protection requires systematic AI security controls and configuration adjustments in response to evolving threats.

Article content

What do experts say?

Patryk Budkowski, Cybersecurity Researcher on the Cybersec AI team at SNOK, comments:

“EchoLeak is a textbook example of how complex AI solutions can become an attack vector without any user action whatsoever. Microsoft 365 Copilot showed that advanced business process automation demands equally advanced protection. At the SNOK laboratory, we continuously analyse this type of vulnerability in order to provide clients with reliable information and solutions that strengthen security in the age of AI. It is essential to understand how AI mechanisms work and what permissions they hold. Only then can we consciously implement safeguards and minimise the risk of AI being exploited as an attack tool.”

SNOK - experts in AI protection

SNOK is a company specialising in securing IT environments, with a particular focus on artificial intelligence and automation technologies. Our team of AI cybersecurity experts not only continuously analyses the latest threats, but also develops dedicated strategies and solutions that ensure maximum protection for client data. At SNOK, we believe that a comprehensive approach to cybersecurity - encompassing both audits and continuous threat monitoring - is the key to success in the fight against cyberattacks. By deploying on-premises models on client servers, SNOK ensures full control over the data processing pipeline, minimising the risk of attacks.

How to protect your data against EchoLeak-type attacks?

The Copilot incident demonstrates how important a conscious approach to AI security is. Many companies may choose to move from SaaS services to on-premises hosted models, which offer full control over data processing. SNOK offers clients the option to deploy artificial intelligence models on their own servers, ensuring that corporate data never leaves the secured IT environment.

Tematy: Safe Tuesday SAP security Microsoft 365

Get in touch