Check Point cybersecurity researchers have uncovered a critical zero-click vulnerability in Microsoft 365 Copilot, exposing a new frontier in AI-driven cybercrime. The flaw, dubbed “EchoLink”, allowed attackers to silently extract sensitive corporate data without any user interaction.

The exploit worked by embedding hidden prompts into everyday business content—such as Word files, emails, and calendar invites—that Copilot would unknowingly process. Once triggered, the AI revealed confidential information ranging from internal reports to strategic documents, all without a click, download, or warning. Microsoft patched the flaw in June 2025, but experts warn EchoLink signals the beginning of a new class of threats.

“This marks the beginning of a new era of cyberattacks—where AI is not just the target, but the tool,” says Hendrik de Bruin, Head of SADC Security Consulting at Check Point. “EchoLink shows how attackers can manipulate large language models in ways that bypass traditional controls.”

The incident underscores the limitations of relying solely on Microsoft’s built-in security or patchwork point solutions. Fragmented defenses create blind spots, slow detection, and gaps in protection. Instead, Check Point advocates for unified, proactive defenses purpose-built for the AI era.

Check Point’s Harmony Email & Collaboration delivers real-time prevention against phishing, malware, zero-click exploits, and data leaks across Microsoft 365, Google Workspace, Teams, and Slack. Using AI and ML-based threat detection, Harmony scans all document interactions and embedded content before users ever see them, while providing full visibility and control from a single platform.

EchoLink serves as a stark reminder that AI-enabled attacks are not hypothetical—they are here now. As De Bruin concludes: “This is not just another flaw. It’s a wake-up call for security leaders to adopt end-to-end protection that evolves as fast as the threats.”

//Staff writer