---
id: "entity-microsoft-365-copilot-d2"
type: "entity"
entityType: "product"
canonicalName: "Microsoft 365 Copilot"
aliases: ["M365 Copilot", "Copilot"]
source_timestamps: ["¶1"]
tags: ["ai-product", "vulnerability-target"]
related: ["concept-echoleak", "entity-org-aim-security"]
url: "https://www.microsoft.com/microsoft-365/copilot"
source_title: "Research: Conventional Cybersecurity Won't Protect Your AI"
source_url: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sources: ["tail2"]
sourceVaultSlug: "hbr-seg-tail2"
originDay: 2
articleStem: "hbr-tail-128-cybersecurity-wont-protect-ai"
sourceUrl: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sourceTitle: "Research: Conventional Cybersecurity Won’t Protect Your AI"
---
# Microsoft 365 Copilot

**Role in the source:** the AI system exposed by the [[concept-echoleak|EchoLeak]] vulnerability in June 2025 — the article's headline demonstration that [[concept-zero-click-ai-exploits|zero-click AI exploits]] are real.

**Enrichment grounding.** Microsoft 365 Copilot is Microsoft's AI assistant, integrated across the Microsoft 365 suite. Product page: `https://www.microsoft.com/microsoft-365/copilot`. In the EchoLeak incident (CVE-2025-32711, disclosed by [[entity-org-aim-security|Aim Security]]), a crafted email could cause Copilot to exfiltrate data it could access (chat logs, OneDrive, SharePoint, Teams) via an LLM scope violation. Microsoft patched it server-side in May/June 2025.
