Director’s Cut: Microsoft Copilot Flaw Highlights Emerging AI Security Risks

Microsoft Copilot Flaw Highlights Emerging AI Security Risks

A recently discovered security flaw in Microsoft 365 Copilot, dubbed “EchoLeak” by researchers, and reported in Fortune, underscores the vulnerabilities inherent in AI agents and signals a broader challenge for organizations adopting generative AI technologies. This vulnerability affects not just Copilot but also potentially other AI agents, raising alarms for enterprises experimenting with AI integrations.

The EchoLeak vulnerability enables attackers to compromise AI tools like Copilot by embedding hidden commands into regular-looking emails. These commands trigger Copilot to access and expose sensitive files, including emails and spreadsheets, all without user action or detection. Identifying the source of the breach would be extremely difficult.

While no customers were impacted in the specific EchoLeak case, the incident highlights a structural vulnerability inherent in AI tools that boards must address proactively. Such vulnerabilities highlight the unpredictability and vast attack surface of AI systems. Researchers warn that, without a fundamental redesign of AI agent architectures, such risks will persist and worsen with broader adoption.

In its current state, AI is both an opportunity and a liability. Other issues, such as unintentional biases and data misuse within generative AI tools, could invite regulatory scrutiny or damage trust with stakeholders. Boards must reconsider cybersecurity governance in the context of increasingly autonomous systems. Unless the technology is first secured, organizations may be putting themselves at enormous risk.

Key Questions Directors Should Ask Management:

• How do we identify and mitigate security vulnerabilities in the AI tools integrated into our operations?
• What is management’s plan for ensuring AI systems–both those procured from third parties and those developed in-house–have clear boundaries between trusted and untrusted data processing?
• Have we coordinated cross-department efforts (IT, risk, compliance) to evaluate the legal and operational consequences of AI-driven security risks like EchoLeak?

On the Radar:

How Can the Board Shift to a Stewardship Mindset to Strengthen Cyber Resilience?

An article in Harvard Business Review details why boards should adopt a stewardship approach, especially when it comes to cybersecurity. Authors Dr. Noah Barsky and Dr. Keri Pearlson detail three common board missteps: underestimating the business consequences of underfunding cybersecurity; a failure to address technical debt–outdated systems and technology that introduce vulnerabilities over time; and not viewing cyber near-misses as a business improvement opportunity. These gaps increase exposure to avoidable cyber risks and undermine long-term resilience.

Barksy and Pearlson set out how a stewardship mindset can significantly reduce and prevent avoidable unforced errors, and share five key steps including encouraging cyber teams to think broadly about consequences of inaction, conducting frequent due diligence to reduce technical debt, and recasting board cyber updates as learning opportunities. 

Are We Prepared for Scattered Spider's Campaign Targeting U.S. Insurers?

Security Boulevard reports Scattered Spider, a cybercrime group known for targeting entire industries, has begun a wave of attacks on U.S. insurers following previous damaging campaigns against U.K. retailers. Recent attacks targeted Aflac, Erie Insurance, and Philadelphia Insurance Companies. According to Aflac’s filing with the Securities and Exchange Commission, customer data may have been affected, but the incident was contained and ransomware had not been deployed.

The group has previously used techniques such as help desk and call center infiltration to gain initial access to systems before encrypting systems and demanding a ransom. Boards should evaluate exposure to industry-wide attack patterns and ensure management has reinforced defenses against social-engineering schemes, for example by training frontline employees, and promoted threat intelligence sharing with industry peers to stay ahead of evolving risks.

Is Network Complexity and Technical Debt Hindering Our Ability to Evict Persistent Threats?

According to a report in Cyberscoop, the Salt Typhoon espionage campaign, attributed to Chinese nation-state hackers, exposed critical vulnerabilities in U.S. telecommunications networks, which officials warn may never be fully eradicated. Decades of network consolidation and layering of outdated and modern technologies have created sprawling systems riddled with vulnerabilities. 

But the problem affects most companies to a greater or lesser extent. Complexity, combined with insufficient identity management and hidden ways for hackers to secretly re-enter a system anytime they want, allows attackers to maintain long-term access despite incident response efforts. Boards should prioritize reducing technical debt, streamlining network architectures–for example through implementation of a Zero Trust architecture–and investing in proactive threat detection capabilities to minimize the risk of attackers entrenching themselves within critical systems.

*****

Zscaler is a proud partner of NACD’s Northern California and Research Triangle chapters. We are here as a resource for directors to answer questions about cybersecurity or AI risks, and are happy to arrange dedicated board briefings. Please email Rob Sloan (rsloan[@]zscaler.com), VP Cybersecurity Advocacy at Zscaler, to learn more.