EchoLink and the Rise of Zero-Click AI Exploits
Check Point, Monday, August 18th, 2025
In an increasingly AI-powered enterprise landscape, the recent discovery of a zero-click vulnerability in Microsoft 365 Copilot, dubbed EchoLink, should come as a stark warning for cyber security leaders.
This isn't just another flaw - it's a new class of threat. One that doesn't require a single click, a download, or any user interaction to trigger. EchoLink is invisible, fast-moving, and capable of silently leaking sensitive enterprise data.
For organizations heavily invested in Microsoft's productivity suite, EchoLink is a serious red flag. Many rely on Microsoft's native security tools or try to patch gaps with multiple point solutions. But this fragmented, layered approach can lead to weak links and blind spots, introducing more risk than protection.