Cybersecurity researchers from Aim Security identified a critical zero-click vulnerability in Microsoft 365 Copilot, Microsoft's AI assistant, designated CVE-2025-32711 with a CVSS score of 9.3. This flaw, dubbed EchoLeak, allowed attackers to silently extract sensitive corporate data by sending a specially crafted email, without requiring any user interaction. The exploit manipulated the AI agent into turning against itself, highlighting emerging security risks associated with AI-powered tools. Microsoft promptly patched the vulnerability and confirmed that no customers were affected or had their data compromised. The incident underscores broader concerns about the security of AI agents and the potential for sophisticated attacks exploiting their capabilities.
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials https://t.co/JN9bJjVZY8
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials: https://t.co/bbu1RGpZDJ by The Hacker News #infosec #cybersecurity #technology #news
🚨 This Windows trojan just became the first to weaponize Microsoft’s accessibility tools. The Coyote malware is stealing banking and crypto logins from 75+ institutions—by reading what’s on your screen. Here’s how it works → https://t.co/3m24469YE4