Aim Security researchers found a zero-click vulnerability in Microsoft 365 Copilot that could have been exploited to have AI tools like RAG and AI agents hand over sensitive corporate data to attackers simply by issuing a request for the information in a specially worded email. Microsoft fixed the security flaw.
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2025/06/zero-click-flaw-in-microsoft-copilot-illustrates-ai-agent-rag-risks/
