EchoLeak: Anatomy of a Zero-Click Prompt Injection and How to Prevent the Next One

Pavan Reddy April 17, 2026 EchoLeak (CVE-2025-32711) is a concrete example of “prompt injection becomes a breach”: a reported vulnerability affecting Microsoft 365 Copilot associated with unauthorized information disclosure over a network. This talk dissects the engineering failure as a repeatable learning model: where trust boundaries were crossed, why layered mitigations didn’t fully hold, and how real systems accidentally grant models the ability to move data across compartments. Attendees will leave with a defensive blueprint that applies beyond this incident, design patterns for provenance isolation, retrieval compartmentalization, least-privilege tool design, output controls, and a test plan for continuous adversarial evaluation that can be integrated into shipping pipelines.

Join Today
Inside the Modern Threat Landscape - Attacker Wins, Defender Moves, and Your Priorities
▶︎

Inside the Modern Threat Landscape - Attacker Wins, Defender Moves, and Your Priorities

Trump Brags About His Brain, Crowd Size & Pool, CBS Fires Scott Pelley & Don Jr's Honeymoon Video
▶︎

Trump Brags About His Brain, Crowd Size & Pool, CBS Fires Scott Pelley & Don Jr's Honeymoon Video

The Axios npm Supply Chain Attack
▶︎

The Axios npm Supply Chain Attack

Passkeys Explained: Are They Actually Better Than Passwords?
▶︎

Passkeys Explained: Are They Actually Better Than Passwords?

How I Use Aspirin to Unclog Arteries
▶︎

How I Use Aspirin to Unclog Arteries

Infrastructure Doesn’t Lie: Using Infra Signals to Detect Shadow AI Built Applications
▶︎

Infrastructure Doesn’t Lie: Using Infra Signals to Detect Shadow AI Built Applications

How to Disappear Online and Become Untraceable
▶︎

How to Disappear Online and Become Untraceable

The Insane Genius of a Formula 1 Gearbox
▶︎

The Insane Genius of a Formula 1 Gearbox

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026
▶︎

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026

But how do AI images and videos actually work? | Guest video by Welch Labs
▶︎

But how do AI images and videos actually work? | Guest video by Welch Labs

Make Insecure Code Hard to Write: The IDE Guardrails Playbook
▶︎

Make Insecure Code Hard to Write: The IDE Guardrails Playbook

Scaling AppSec Through Humans & Agents
▶︎

Scaling AppSec Through Humans & Agents

Why I’m Deleting My Google Account in 2026 (And What I Use Instead)
▶︎

Why I’m Deleting My Google Account in 2026 (And What I Use Instead)

Transformers, the tech behind LLMs | Deep Learning Chapter 5
▶︎

Transformers, the tech behind LLMs | Deep Learning Chapter 5

If You Have A Bad Memory, I’ll Help You Fix It In 28 Minutes
▶︎

If You Have A Bad Memory, I’ll Help You Fix It In 28 Minutes

How to Get and Evaluate Startup Ideas | Startup School
▶︎

How to Get and Evaluate Startup Ideas | Startup School

COLLAPSE of Personal Computing | Investigation Into the Destruction of Ownership
▶︎

COLLAPSE of Personal Computing | Investigation Into the Destruction of Ownership

How to Detect a Fake Cell Tower Spying on Your Phone (Stingray)
▶︎

How to Detect a Fake Cell Tower Spying on Your Phone (Stingray)

VPN INSIDER'S MYTH-BUSTING! Separating Fact from Fiction: How VPNs Really Work
▶︎

VPN INSIDER'S MYTH-BUSTING! Separating Fact from Fiction: How VPNs Really Work

Building the PERFECT Linux PC with Linus Torvalds
▶︎

Building the PERFECT Linux PC with Linus Torvalds