
[Sep 2025] First Real-World Zero-Click Prompt Injection Exploit in a Production LLM System
EchoLeak (CVE2025-32711), a zero-click prompt injection vulnerability in Microsoft 365 Copilot that enabled remote, unauthenticated data exfiltration via a single crafted email.
June 19, 2026
