EchoLeak: Copilot Prompt Injection Exfiltrates Private Code (CVE-2025-32711)
A prompt injection vulnerability in GitHub Copilot (CVE-2025-32711) allowed attackers to exfiltrate private source code through carefully crafted repository content.
They called it EchoLeak, and it earned a CVE: CVE-2025-32711.
The vulnerability combined two attack primitives โ prompt injection and data exfiltration โ into a single devastating chain. An attacker could plant specially crafted content in a repository (code comments, documentation, issue descriptions) that would poison Copilot's context. Once poisoned, Copilot would echo private source code into its responses, which could be captured by attacker-controlled endpoints.
The attack was elegant in its simplicity: you didn't need access to the target's machine or their Copilot account. You just needed them to open a repository containing the payload. Copilot did the rest โ reading the poison, processing it as context, and dutifully exfiltrating whatever the attacker requested.
Hack The Box's research team demonstrated the full kill chain, showing how a single malicious file in a public repo could compromise the private code of anyone who cloned it and used Copilot.
The supply chain attack surface just expanded: your AI assistant reads your code, and now attackers can read your assistant.
More nightmares like this
MCP Horror: Agent Sent Entire WhatsApp History to an Attacker
An AI agent connected via MCP was tricked into exfiltrating a user's entire WhatsApp message history to an attacker-controlled server.
ClawJacked: OpenClaw Vulnerability Enables Full Agent Takeover โ 1,184 Malicious Skills Discovered
Security researchers discovered a critical OpenClaw vulnerability that allows complete agent takeover, finding 1,184 malicious skills already in the wild capable of hijacking any OpenClaw agent.
Mercor Breach: 939GB of Source Code Exfiltrated via Claude
AI hiring platform Mercor suffered a massive breach where 939GB of source code was exfiltrated through Claude, exposing the company's entire codebase.
CamoLeak: GitHub Copilot Silently Exfiltrated AWS Keys via Invisible Markdown
A critical vulnerability in GitHub Copilot allowed attackers to exfiltrate private source code and AWS credentials through invisible markdown rendering โ the user saw nothing.