Your company just got hacked through your M365 Copilot, and you didn't notice a thing.

This was the reality with Echoleak, the first real-world vulnerability discovered in Microsoft 365 Copilot. A true zero-click attack that could lead to your sensitive data being handed over to an attacker.

In this session, we take a deep dive into how EchoLeak works, what are the technical vulnerabilities it highlights in AI systems, and the techical controls available to mitigate these risks. You'll learn how AI systems are vulnerable to attack vectors that completely bypass traditional security thinking and discover the defenses you can build into your own AI solutions.

A previous version of this talk was first delivered in Microsoft Security User Group Finland in the end of 2025. Polished session now ready for delivery. Preferred length around 45 minutes + Q&A.