One email was enough

In summer 2025, security researchers disclosed EchoLeak (CVE-2025-32711), a so-called zero-click vulnerability in Microsoft 365 Copilot. Through a single crafted email, an attacker could make the assistant leak sensitive information without the user clicking anything. It was rated critical (CVSS 9.3).

Microsoft has patched that specific hole, but the point stands: an AI assistant with access to your entire data estate is a powerful new attack surface.

The quieter risk: oversharing

Most incidents aren't spectacular exploits but something more mundane: Copilot sees everything the user can see. And in most organisations, users can see far more than they should: old SharePoint folders, misfiled payroll, entire file servers. The AI does nothing wrong. It just makes the invisible visible, fast.

Why it's a GDPR issue

The moment an assistant can assemble personal data from sources an employee shouldn't really reach, you have a data-protection problem, whether or not anyone exploits it. Switching on AI over messy permissions is automating an old problem.

Do this first

  • Clean up permissions before rollout. Least privilege, reviewed, not "everyone in the org".
  • Label and separate sensitive data so the assistant can't pull it in.
  • Log and review what the assistant actually retrieves.
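As an added example (not code from the original post, and not Microsoft's), here is a small Python audit that applies the first and third points to constructed permission and retrieval records: it lists sensitively labelled items granted to tenant-wide principals, and retrievals where the assistant surfaced such an item to a user whose only route to it was that broad grant. The principal names, labels, paths and record shapes are all assumptions.

```python
"""Pre-rollout oversharing audit (constructed example; not the post's or Microsoft's code).
Check 1: sensitive items granted to a tenant-wide principal.
Check 2: assistant retrievals that surfaced a sensitive item to a user whose
         only route to it was such a broad grant."""
from dataclasses import dataclass

# Assumed names for "effectively everyone" principals and for sensitive labels.
BROAD_PRINCIPALS = {"Everyone", "Everyone except external users", "All Company"}
SENSITIVE_LABELS = {"Confidential", "Highly Confidential"}

@dataclass(frozen=True)
class Grant:             # one permission entry on an item
    path: str
    principal: str       # group or tenant-wide principal holding access
    label: str           # sensitivity label on the item

@dataclass(frozen=True)
class Retrieval:         # one assistant retrieval event (constructed shape)
    user: str
    path: str
    groups: frozenset    # groups the user belonged to at retrieval time

def broad_grants_on_sensitive(grants):
    """(path, principal) pairs where a sensitive item is open to everyone."""
    return sorted({(g.path, g.principal) for g in grants
                   if g.label in SENSITIVE_LABELS and g.principal in BROAD_PRINCIPALS})

def suspicious_retrievals(retrievals, grants):
    """Sensitive items the assistant pulled for users holding no specific grant."""
    labels = {g.path: g.label for g in grants}
    specific = {}                     # path -> non-broad principals granted on it
    for g in grants:
        if g.principal not in BROAD_PRINCIPALS:
            specific.setdefault(g.path, set()).add(g.principal)
    return [(r.user, r.path) for r in retrievals
            if labels.get(r.path) in SENSITIVE_LABELS
            and not (r.groups & specific.get(r.path, set()))]

# Constructed sample data: a payroll sheet misfiled with a tenant-wide grant.
GRANTS = [
    Grant("/sites/HR/Payroll/2024.xlsx", "Everyone except external users", "Highly Confidential"),
    Grant("/sites/HR/Payroll/2024.xlsx", "HR-Payroll", "Highly Confidential"),
    Grant("/sites/Eng/Roadmap.docx", "Engineering", "Confidential"),
    Grant("/sites/Public/Handbook.pdf", "Everyone", "General"),
]
RETRIEVALS = [
    Retrieval("alice", "/sites/HR/Payroll/2024.xlsx", frozenset({"Engineering"})),
    Retrieval("bob", "/sites/HR/Payroll/2024.xlsx", frozenset({"HR-Payroll"})),
    Retrieval("alice", "/sites/Public/Handbook.pdf", frozenset({"Engineering"})),
]
```

On the sample data the first check flags the payroll sheet's tenant-wide grant, and the second flags alice's retrieval of it, since her only access came through that grant; bob, in HR-Payroll, is not flagged.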

This is the core of our work in Managed IT and security: we spot the things you didn't know to look for. Book a review before you scale up Copilot.