---
id: "entity-org-aim-security"
type: "entity"
entityType: "organization"
canonicalName: "Aim Security"
aliases: ["Aim Labs"]
source_timestamps: ["¶1", "¶2"]
tags: ["security-research", "enrichment-derived"]
related: ["concept-echoleak", "entity-microsoft-365-copilot"]
url: "https://aim.security"
provenance: "enrichment-overlay"
source_title: "Research: Conventional Cybersecurity Won't Protect Your AI"
source_url: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sources: ["tail2"]
sourceVaultSlug: "hbr-seg-tail2"
originDay: 2
articleStem: "hbr-tail-128-cybersecurity-wont-protect-ai"
sourceUrl: "https://hbr.org/2026/01/ts-research-conventional-cybersecurity-wont-protect-your-ai"
sourceTitle: "Research: Conventional Cybersecurity Won’t Protect Your AI"
---
# Aim Security (Aim Labs)

**Role:** the security research team credited (in the enrichment overlay, not the source text itself) with discovering the [[concept-echoleak|EchoLeak]] vulnerability (**CVE-2025-32711**) in [[entity-microsoft-365-copilot-d2|Microsoft 365 Copilot]], disclosed June 2025.

**Why this note exists.** The article names EchoLeak but not its discoverers; this entity is added from enrichment grounding so downstream cross-vault tooling can resolve the EchoLeak provenance chain. Company site: `https://aim.security`. Aim's research is cited across multiple secondary analyses that frame EchoLeak as the first known zero-click, prompt-injection-based exploit in a production AI agent.
