EchoLeak is a warning about the role AI could play in cyber insurance and resilience

Cyber Resilience | Article | August 19, 2025

Arunava Banerjee CISM, Cyber Risk Consulting Lead, Zurich Resilience Solutions UK

Adam Steeden ACII, Cyber Liability Underwriter, Zurich Insurance UK


EchoLeak is a challenge to how we assess cyber risk in the AI age

The recent discovery of EchoLeak, a zero-click exploit aimed at Microsoft 365 Copilot, is more than a new technical threat. It is a wake-up call for how we assess, underwrite and manage cyber risk in an AI-driven world. For cybersecurity, risk and insurance professionals, this is a pivotal moment.

What is EchoLeak and why does it matter?

EchoLeak is a type of attack that manipulates an AI agent, like Copilot, into misinterpreting and acting on content.

A harmful email, which doesn’t need to be opened or clicked, can quietly cause AI to reveal sensitive internal information. The AI reads the email, follows hidden instructions, and unwittingly leaks sensitive data from Outlook, Teams, OneDrive, and SharePoint.

This isn’t a traditional attack. There is no malware and no unauthorized access. It manipulates the AI’s behaviour by taking advantage of how the system interprets context and how it is designed to work, rather than tampering with its code. The implications for cyber risk are profound.

“EchoLeak is a stark reminder that AI-driven systems can be manipulated in ways we’ve never seen before. The threat isn’t just technical, it’s about how we understand, insure, and respond to risk in a world where machines make decisions.”

Vivien Bilquez

Zurich Resilience Solutions Global Head of Cyber Resilience

The implications of AI based threats for cyber insurance

Organizations that use cyber insurance as a cornerstone of their cyber risk framework need to reconsider their approach. EchoLeak and similar AI-driven threats raise three immediate concerns:

  1. Silent cyber exposure

EchoLeak doesn't fit the conventional definition of a cyber event. There's no malware, no unauthorized access, and no system compromise. But the damage is real. It's possible we could see other manipulative events, not just data loss, in the future.

You should speak to your insurer about how your insurance policies will respond.

  2. AI as a cyber risk multiplier

As AI tools and agents become embedded in our organizations, the threat surface expands. When compromised, these tools don’t just leak data. They amplify the breach by accessing multiple systems simultaneously.

In some cases, they might access systems across an entire industry. Integration and interconnectedness between systems is designed in. It's why AI is so powerful, but it can also magnify the potential fallout.

  3. Attribution and claims complexity

EchoLeak muddies the water on attribution, complicating claims handling and subrogation strategies. If an AI agent leaks data, a reasonable case could be made for the responsibility resting with the user, the vendor, or the AI developer.

Assessing cyber risks is changing

As AI adoption accelerates, how insurers think about underwriting cyber risk must evolve to consider:

  • The scope of AI access: what systems and data are open to AI tools within the organization, and are appropriate risk assessments being conducted and reviewed regularly?
  • Prompt injection defenses: are there controls to prevent manipulation, and does the organization review the threat landscape when incidents like EchoLeak happen to inform its approach to AI and cyber risk management?
  • Vendor transparency: is it possible to audit AI behavior and activity logs? AI is a continually evolving landscape, and appropriate safeguards need to be in place, such as establishing contractual liability and keeping a human in the loop for key decisions.
  • Incident response readiness: is the organization testing its ability to respond effectively to AI-specific scenarios?
  • Culture and training: does the organization use its risk view to inform the training of the people who use AI in their day-to-day work?
  • Privileged access management: where appropriate, AI agents should be treated as privileged users and assessed as a risk in the same way as people with enhanced access to systems and data.

"The real concern is that these attacks can slip past traditional defenses, leaving organizations exposed to new and unfamiliar risks. Staying informed and alert is essential. We’re entering a Zero Trust era, where a healthy dose of skepticism is our strongest line of defense."

Vivien Bilquez

Zurich Resilience Solutions Global Head of Cyber Resilience

What should you do to manage the cyber threat from AI?

Organizations should be reviewing their cyber risk management to ensure:

  • Audit AI integrations: know what your AI tools access and how they behave.
  • Segment trust boundaries: don’t allow AI to blend internal and external content without proper checks and controls.
  • Implement AI-aware data loss prevention and anomaly detection.
  • Review insurance policies to ensure AI-induced data loss is clearly addressed.
  • Push vendors for transparency on how AI handles untrusted inputs.
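One way to put the trust-boundary and AI-aware data loss prevention points above into practice is a provenance guard that sits between the agent and any outbound action. The example below is added here and is not code from the article or from any Microsoft product; the chunk source labels, tenant domains, fingerprint size and sample content are constructed assumptions.

```python
# Added example (not the article's or Microsoft's code): a trust-boundary guard
# for an AI agent. Each retrieved chunk carries a provenance label; before an
# outbound action runs, the guard checks whether internal data would leave the
# tenant and whether untrusted content sat in the context that produced it.
from dataclasses import dataclass
from urllib.parse import urlparse

INTERNAL_DOMAINS = {"corp.example", "corp-my.sharepoint.example"}  # assumed tenant domains
UNTRUSTED_SOURCES = {"external_email", "web_page"}                 # content from outside
FINGERPRINT = 24  # assumed: this many consecutive chars of internal text counts as a leak

@dataclass
class Chunk:
    source: str   # e.g. "external_email", "sharepoint", "onedrive", "teams"
    text: str

@dataclass
class Action:
    kind: str         # "answer_user" (stays in chat), "send_mail", "fetch_url"
    destination: str  # recipient address or URL; empty for answer_user
    payload: str      # text the agent wants to send or embed in the destination

def is_external(action: Action) -> bool:
    """True when the action's destination lies outside the tenant's own domains."""
    if action.kind == "answer_user":
        return False
    host = (urlparse(action.destination).hostname if "://" in action.destination
            else action.destination.rsplit("@", 1)[-1])
    return host not in INTERNAL_DOMAINS

def internal_sources_in(payload: str, chunks: list[Chunk]) -> list[str]:
    """Sources of internal chunks with a FINGERPRINT-char window present in payload."""
    hits = []
    for c in chunks:
        if c.source in UNTRUSTED_SOURCES:
            continue
        stop = max(1, len(c.text) - FINGERPRINT + 1)
        if any(c.text[i:i + FINGERPRINT] in payload for i in range(0, stop, 8)):
            hits.append(c.source)
    return hits

def evaluate(chunks: list[Chunk], action: Action) -> tuple[str, str]:
    """Return (decision, reason) where decision is 'block', 'review' or 'allow'."""
    untrusted = sorted({c.source for c in chunks if c.source in UNTRUSTED_SOURCES})
    leaked = internal_sources_in(action.payload, chunks)
    if is_external(action) and leaked:
        return "block", f"internal data from {leaked} would leave the tenant via {action.kind}"
    if is_external(action) and untrusted:  # outbound step shaped by outside content: human check
        return "review", f"outbound {action.kind} produced with untrusted context {untrusted}"
    return "allow", "no cross-boundary flow"

# Constructed sample context: one external message, one internal SharePoint chunk.
SAMPLE_CHUNKS = [
    Chunk("external_email", "Thanks for your time last week (constructed sample message)."),
    Chunk("sharepoint", "Project Falcon budget: GBP 1,200,000 allocated to phase two rollout"),
]
```

The "review" outcome is a policy choice: outbound actions produced while external content was in the context go to a human rather than being silently allowed or blocked.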

Final thoughts on cyber risk and the new age of AI

EchoLeak is a paradigm shift. It challenges our assumptions about how AI behaves, how risk is transferred, and how insurance coverage is triggered.

In the age of AI, we are not just insuring systems, we are insuring decisions made by machines. The challenge for cyber risk leaders is to bridge the gap between technical complexity and insurable clarity. EchoLeak is our call to action.