1. EchoLeak Zero-Click Attack Exploits M365 Copilot with CVSS 9.3 Severity—Indirect Prompt Injection Emerges as Critical AI Threat
Indirect prompt injection has emerged as a stealthy attack vector that bypasses traditional interaction models entirely—planting malicious payloads in content that AI systems ingest, then leveraging tool access to exfiltrate data, send emails, or execute unauthorized API calls. The severity of this threat class was und...