"Send me a quick text"Episode Description – Technical Write-up for DefendersEchoLeak is the first documented zero-click AI vulnerability in a major enterprise LLM application — Microsoft 365 Copilot.The attacker seeds malicious instructions inside a normal-looking email, bypassing Microsoft’s prompt-injection filters.When a user later asks a related question, Copilot retrieves that email, executes the hidden commands, and packages sensitive corporate data for exfiltration. Bypassing link redaction and CSP rules, the attacker silently sends the data out through trusted Microsoft services.Persistence is achieved through “RAG spraying,” embedding the malicious instructions across multiple semantic chunks to maximize retrieval chances over time.Defensive Actions • Test AI prompt-injection classifiers, link filtering, and CSP enforcement in combination, not isolation. • Monitor AI assistant retrieval logs for unusual cross-context content use. • Implement strict scope enforcement so untrusted content cannot trigger privileged actions. • Scan indexed content stores for embedded malicious instructions or unusual markdown patterns. • Block unauthorized retrievals from trusted internal services to external destinations.Potential IOCsEmails containing hidden markdown reference-style linksExternal requests routed through Microsoft media or rendering servicesAI retrievals from HR, onboarding, or FAQ content containing unrelated data instructionsRecommended Detection FocusAlerts on Copilot responses containing embedded URLs or encoded dataMonitoring outbound requests from Microsoft services carrying sensitive informationContent scanning for prompt injection patterns inside indexed dataThanks for spending a few minutes on the CyberBrief Project. If you want to dive deeper or catch up on past episodes, head over to cyberbriefproject.buzzsprout.com. You can also find the podcast on YouTube at youtube.com/@CyberBriefProject — I’d love to see you there. And if you find these episodes valuable and want to support the project, you can do that here: buzzsprout.com/support Your support means a lot. See you in the next one, and thank you for listening.

Ver todos los episodios