EchoLeak showed a single email could make Copilot leak internal files. Here is how we wire data to a model with least-privilege retrieval and no vendor lock-in.
Draft outline · Security / vendor economics lensIn June 2025 Aim Security disclosed EchoLeak (CVE-2025-32711, reported around CVSS 9.3), the first documented zero-click prompt-injection exploit against a production AI system: a single crafted email made Microsoft 365 Copilot read internal files and exfiltrate them. Connecting your data to an assistant is a data-exfiltration surface, and it must be designed as one.
Independent reporting on the first zero-click AI data-exfiltration exploit and its significance.
The authoritative framework naming the lethal-trifecta pattern and the design controls.
Security-led but paired with vendor economics: least-privilege retrieval and an abstraction layer that avoids lock-in. It reflects the product's promise to build the plumbing without tying the agency to one vendor, and grounds it in a headline exploit.