EchoLeak
Capture Summary
Case study of EchoLeak, CVE-2025-32711, a zero-click prompt injection vulnerability in Microsoft 365 Copilot that enabled remote unauthenticated data exfiltration via a crafted email.
Relevance
- Bridges academic prompt injection research and real-world impact on production enterprise AI.
- Important for challenge mapping around external/internal data bridging, email as untrusted input, and data exfiltration paths.
- Candidate for research questions on zero-click AI exploit detection and mitigations.
Collection Notes
Collected as both an incident case study and a research paper candidate.