Zero-Click M365 Copilot Exploit EchoLeak - Deep Dive

Donato Capitella via YouTube

Overview

Explore a comprehensive technical analysis of the EchoLeak vulnerability affecting Microsoft 365 Copilot in this 38-minute deep dive presentation. Examine how this zero-click exploit enables data exfiltration through a simple email sent to users of Microsoft Office 365 Copilot, requiring no user interaction beyond receiving the malicious message. Learn about the vulnerability's mechanics through detailed coverage of data exfiltration techniques using Markdown images, understand how Copilot functions as a RAG (Retrieval-Augmented Generation) system operating on the Enterprise Graph, and analyze the complete attack chain from initial email delivery to successful data extraction. Discover advanced strategies for poisoning the RAG latent space, investigate LLM scope violations that enable unauthorized access to sensitive information, and gain insights into the broader security implications for enterprise AI systems. The presentation includes practical lessons learned from this vulnerability research and provides essential knowledge for security professionals working with AI-powered enterprise tools.

Syllabus

00:00 - Introduction
02:57 - Executive Summary
04:48 - Background Context on Data Exfiltration via Markdown Images
08:00 - Copilot as a RAG System on the Enterprise Graph
10:46 - Full Attack Chain Analysis
24:17 - Strategies to Poison the RAG Latent Space
29:43 - LLM Scope Violation
32:44 - Lessons Learnt

Taught by

Donato Capitella
