Living off Microsoft Copilot

Discover how attackers can exploit Microsoft Copilot through jailbreaking, prompt injection, and data exfiltration. Learn enterprise AI security risks and prevention strategies.

Key takeaways
  • AI models like Microsoft Copilot can be manipulated through various jailbreaking techniques, allowing attackers to bypass security controls

  • Security mechanisms in Copilot include label inheritance, external link protection, and AI watchdogs, but these can be circumvented through prompt injection

  • Data leakage to employees is not the main risk - the bigger threat is attackers using Copilot plugins and permissions to act on users’ behalf

  • Copilot can be tricked into revealing sensitive information by injecting malicious instructions through HTML tags, base64 encoding, and ASCII smuggling

  • Traditional phishing may become less relevant as attackers can use Copilot to automate targeted attacks and data exfiltration

  • The enterprise graph (emails, files, Teams messages) provides extensive attack surface through Copilot’s access to organizational data

  • As AI models become more sophisticated, jailbreaking becomes easier rather than harder

  • Enterprises are rapidly adopting AI tools without fully understanding the security implications

  • Building secure AI applications requires preventing injection attacks and limiting AI’s ability to execute actions

  • Standard security controls like sensitivity labels are insufficient when AI treats all input as potential instructions