The vulnerability, called EchoLeak, allowed attackers to silently steal sensitive data from a user's environment by simply sending them an email. No clicks, downloads, or user actions were needed.

What’s most unsettling about EchoLeak isn’t the technical jargon, it’s the everyday familiarity of the scenario. A junior employee opens a shared document.

EchoLeak is a reminder that even robust, enterprise-grade AI tools can be leveraged for sophisticated and automated data theft," said Itay Ravia, Head of Aim Labs.