Microsoft 365 Copilot, the artificial intelligence tool integrated into Microsoft Office applications, has been found to have a significant security vulnerability known as “EchoLeak.” This flaw allows hackers to access sensitive information without requiring user interaction, simply by sending an email to a user, which Copilot reads and acts upon. The discovery was made by Aim Security, which took three months to reverse engineer the software. They reported that this is the first known “zero-click” attack on an artificial intelligence agent, highlighting a broader risk of such vulnerabilities in AI systems. Microsoft has stated that the issue has been addressed and that no customers were affected, but experts warn that this design flaw reflects deeper issues in the security of large language model-based AI agents, akin to vulnerabilities seen in software two decades ago.
OpenAI’s latest threat report reveals that malicious actors, including those potentially linked to North Korea and Russia, are exploiting the capabilities of ChatGPT to conduct cybercrime and misinformation campaigns. The report highlights ten operations that were shut down, involving the generation of fake job applications and social media content aimed at undermining security and spreading disinformation. Among these, four campaigns were traced back to China, showcasing the use of artificial intelligence in crafting deceptive online personas and generating resumes. The threat report also noted that some operators used ChatGPT to develop malware, while others created fake accounts to spread election-related misinformation in Germany.
The New York Times has reported on the acquisition of secret Russian intelligence documents that were advertised online by a cybercrime group known as Ares Leaks. The documents include a directive from Russia’s domestic security service, revealing insights into the country’s counterintelligence operations concerning China. Ares Leaks announced the sale of these classified documents on the messaging app Telegram, claiming they originated from within the Federal Security Service. The New York Times confirmed the authenticity of the documents through consultations with six Western intelligence agencies, all of which verified their format and content. The documents indicate heightened concerns within Russia regarding Chinese espionage as the relationship between the two nations evolves. The report highlights the growing market for sensitive government documents, with Ares Leaks offering multiple tranches of Russian intelligence for up to $120,000.
Why do we care?
Microsoft 365 Copilot’s vulnerability highlights that AI agents with ambient access to data and the ability to act on what they read (such as reading emails and summarizing content) are not passive tools; they are autonomous actors. This requires rethinking endpoint protection, email filtering, and how we assess trust boundaries for LLM-based assistants.
Malicious actors are already using LLMs for social engineering, malware authoring, and disinformation. The fact that groups linked to North Korea, Russia, and China were detected shows this is state-level strategic usage, not script-kiddie experimentation.
The Ares Leaks story adds another unsettling dimension—intelligence-grade documents are being commercialized on the dark web. That means the next breach isn’t just a ransomware event—it could be state secrets sold to the highest bidder, with downstream risk for anyone affiliated (via supply chain, vendors, or geopolitical alignment).
AI is no longer a theoretical security concern—it’s a present-day attack surface, both as a tool and as a target. IT service providers need to adapt their risk models accordingly:
- Reclassify LLM tools like Copilot as privileged agents, with defined boundaries and security monitoring.
- Begin training clients on AI-enabled threats, not just traditional phishing or malware.
- Invest in tools that provide visibility into AI-agent behaviors, not just endpoints or emails.
- Push vendors for clear threat modeling and response plans for their AI integrations—especially for zero-click scenarios.
And critically, this reinforces a long-term strategic truth: IT service providers that integrate security into every managed AI offering will differentiate, protect, and thrive. Those that treat AI as a checkbox feature risk exposing clients to the next generation of exploits.

