Cybersecurity researchers at Check Point have uncovered a critical zero-click vulnerability in Microsoft 365 Copilot – dubbed EchoLink – which allows attackers to extract sensitive corporate data without any user interaction.
The exploit, which has since been patched by Microsoft, is described as a potential watershed moment in AI-driven cybercrime, leveraging hidden prompts embedded in everyday business content such as Word documents, calendar entries, and emails.
When Microsoft 365 Copilot processes this seemingly innocuous material, it unknowingly executes the malicious commands.
According to Check Point, the attack is silent and automatic. Users are unaware as Copilot reveals confidential data such as internal reports, meeting summaries, or strategic documents – all without requiring a single click or download.
“This marks the beginning of a new era of cyberattacks – where AI is not just the target, but the tool,” says Hendrik de Bruin, head of SADC Security Consulting at Check Point.
“EchoLink shows how attackers can manipulate large language models in ways that bypass traditional security controls.”
The zero-click nature of the vulnerability has raised alarms across the enterprise sector. Experts warn that such exploits could rapidly evolve, especially as more businesses adopt AI assistants to handle sensitive workflows.
“This isn’t just another flaw – it’s a new class of threat,” says De Bruin. “One that doesn’t require a single click, a download, or any user interaction to trigger. EchoLink is invisible, fast-moving, and capable of silently leaking sensitive enterprise data.”
For organisations heavily invested in Microsoft’s productivity suite, EchoLink is a serious red flag.
“Many rely on Microsoft’s native security tools or try to patch gaps with multiple point solutions,” De Bruin says. “But this fragmented, layered approach can lead to weak links and bling spots, introducing more risk than protection.”
While the assumption is that Microsoft Defender for Office 365 or other built-in tools provide enough coverage, recent incidents – including EchoLink – reveal that native tools often fall short when facing highly sophisticated AI-powered, multi-vector attacks.
Worse, when companies try to fill these gaps with point solutions, they encounter:
- Delayed detection and response due to lack of integration.
- Management overhead from maintaining different vendors and policies.
- Security gaps created by missed data handoffs between tools.
“While Microsoft patched the vulnerability in June 2025, EchoLink shouldn’t be viewed as a one-off vulnerability, but rather a sign of things to come,” says De Bruin. “As AI systems become deeply embedded in everyday tools, they will increasingly be targeted by cybercriminals. And most traditional security approaches are not designed to keep up.
“EchoLink is not just another vulnerability – it’s the canary in the coal mine,” he adds. “It shows how AI is reshaping the threat landscape, creating new exploit paths, and exposing enterprises to novel forms of data leakage and manipulation.
“Cyber leaders should heed this important warning and take the steps necessary to fully protect their organisations,” De Bruin says. “AI-driven attacks are not hypothetical or theoretical. They’re happening now. And as digital transformation accelerates, the surface area for these attacks only grows.”