Critical Copilot Vulnerability Allowed Hackers to Steal 2FA Codes

🤖 Artificial Intelligence 📰 United States 🕐 4 hours ago

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the researchers who discovered the vulnerability and reported it to Microsoft revealed how their proof-of-concept exploit could retrieve 2FA codes and other sensitive data from emails accessible to Copilot. Microsoft and other LLM providers have been unable to prevent their products from complying with malicious requests to reveal data. The root cause: AI bots

Microsoft has patched a critical vulnerability in its M365 Copilot AI platform that allowed researchers to demonstrate how attackers could extract two-factor authentication (2FA) codes and other sensitive data from emails accessible to Copilot. The exploit used markup language and HTML tags to bypass security guardrails designed to prevent data exfiltration. The root cause identified is the AI's inability to distinguish between user instructions and malicious content embedded within the data it processes. This fundamental flaw leaves AI models susceptible to being manipulated into revealing sensitive information, prompting Microsoft and others to implement complex, ad-hoc security measures.

This cybersecurity report reveals a critical vulnerability in a widely used AI platform, highlighting risks to user data and the challenges of securing AI systems.
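A defender-side check on assistant output, added here as an example and not taken from Microsoft or the researchers: it flags Markdown and HTML markup that points at hosts outside an allowlist before the output is rendered. It assumes, since the report gives no detail, that the markup mattered because it carried URLs to outside hosts; `ALLOWED_HOSTS`, `external_urls`, `safe_to_render` and the sample text are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this deployment allows rendered output to reference.
ALLOWED_HOSTS = {"contoso.example"}
# Markdown inline links/images: [text](url) and ![alt](url)
MD_INLINE = re.compile(r"!?\[[^\]]*\]\(\s*<?([^)\s>]+)")
# Markdown reference definitions: [id]: url
MD_REF = re.compile(r"^\s*\[[^\]]+\]:\s*<?(\S+?)>?\s*$", re.M)
# HTML attributes that carry a URL (not exhaustive).
URL_ATTRS = {"href", "src", "action", "poster", "background"}

class _UrlAttrs(HTMLParser):
    """Collects URL-bearing attribute values from any HTML tags in the text."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and value.strip():
                self.urls.append(value.strip())

def external_urls(model_output):
    """Return URLs in Markdown or HTML markup whose host is not allowlisted."""
    html = _UrlAttrs()
    html.feed(model_output)
    html.close()
    found = MD_INLINE.findall(model_output) + MD_REF.findall(model_output) + html.urls
    flagged = []
    for url in found:
        try:
            # Absolute and scheme-relative URLs have a host; relative paths do not.
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            host = "unparseable"  # fail closed on malformed URLs
        if host and host not in ALLOWED_HOSTS and url not in flagged:
            flagged.append(url)
    return flagged

def safe_to_render(model_output):
    return not external_urls(model_output)

# Constructed sample of assistant output, not taken from the reported exploit.
SAMPLE = ("Here is your summary.\n"
          "![status](https://untrusted.invalid/pixel.png)\n"
          '<img src="//untrusted.invalid/x.gif">\n'
          "[docs](https://contoso.example/help)\n"
          "[ref]: https://untrusted.invalid/r\n")
```

A filter like this narrows one output channel only; it does not address the instruction/data confusion the report names as the root cause.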

#llm #copilot #research
