Living off Microsoft Copilot

Security Ai Automation

Discover how attackers can exploit Microsoft Copilot through jailbreaking, prompt injection, and data exfiltration. Learn enterprise AI security risks and prevention strategies.

Key takeaways

  • AI models like Microsoft Copilot can be manipulated through various jailbreaking techniques, allowing attackers to bypass security controls

  • Security mechanisms in Copilot include label inheritance, external link protection, and AI watchdogs, but these can be circumvented through prompt injection

  • Data leakage to employees is not the main risk - the bigger threat is attackers using Copilot plugins and permissions to act on users’ behalf

  • Copilot can be tricked into revealing sensitive information by injecting malicious instructions through HTML tags, base64 encoding, and ASCII smuggling

  • Traditional phishing may become less relevant as attackers can use Copilot to automate targeted attacks and data exfiltration

  • The enterprise graph (emails, files, Teams messages) provides extensive attack surface through Copilot’s access to organizational data

  • As AI models become more sophisticated, jailbreaking becomes easier rather than harder

  • Enterprises are rapidly adopting AI tools without fully understanding the security implications

  • Building secure AI applications requires preventing injection attacks and limiting AI’s ability to execute actions

  • Standard security controls like sensitivity labels are insufficient when AI treats all input as potential instructions

More talks

Analyzing the Privacy of Android Apps

The History of Computer Art - Anders Norås - NDC Oslo 2024

Karami & Kulakova - Data Science for Social Good: Making Impact in Resource-Constrained Environments

Nerea Luis – Artificial Intelligence seen from the software development lifecycle perspective

Bernice Waweru - Tricking Neural Networks : Explore Adversarial Attacks | PyData Global 2023

From a Pipeline to a Government Cloud How the UK government deploy a Platform-as-a-Service using Co…

RailsConf 2023 - Accessible by default by Joel Hawksley

The (big) picture of debt