Microsoft Patches Critical M365 Copilot Vulnerability That Enabled Silent Data Theft

Microsoft has released a security patch for a critical vulnerability in its M365 Copilot service, a flaw the company internally tracked as EchoLeak. The bug allowed attackers to silently siphon data from users without triggering any alerts, raising concerns about the safety of AI-assisted workplace tools.

What EchoLeak Did

The vulnerability resided in how Copilot processes user queries and accesses backend data. By exploiting EchoLeak, an attacker could trick the AI assistant into returning sensitive information — emails, documents, chat logs — that should have been restricted. Because the exfiltration happened through normal Copilot responses, standard monitoring tools did not flag it as malicious activity.

Microsoft described the issue as a “critical” severity flaw. The company did not reveal whether any customer data was actually stolen before the patch was deployed, but security teams were urged to apply the update immediately.

Scope of the Patch

The fix was rolled out through Microsoft’s standard update channels for M365 Copilot. Organizations using the service do not need to take any manual action beyond ensuring their systems are current with the latest patches. Microsoft also updated its threat detection rules so that similar attack patterns would be caught in the future.

EchoLeak is the first publicly acknowledged vulnerability in Microsoft 365 Copilot since its broad launch. The product, which integrates generative AI into Office apps, has been a major focus for Microsoft as it competes with Google Workspace’s AI features and third-party tools like ChatGPT Enterprise.

The attack vector is particularly concerning for companies that rely on Copilot to handle internal data. Because the AI has broad access to corporate information — from meeting transcripts to financial spreadsheets — a flaw that allows that data to be extracted without noise puts intellectual property and compliance at risk.

Security researchers have long warned that AI assistants introduce new attack surfaces. EchoLeak demonstrates that even a trusted productivity tool can become a channel for data loss if its permissions are not tightly controlled. Microsoft advises administrators to review Copilot’s access policies and limit its reach to only the data sets each user truly needs.

What’s Next

Microsoft has not disclosed whether regulators or law enforcement were notified about EchoLeak. The company’s security response team is continuing to investigate potential related issues. For now, the patch is the only line of defense — and IT departments are being told to verify installation across all tenants by the end of the week.