Living off Microsoft Copilot

AI models like Microsoft Copilot can be manipulated through various jailbreaking techniques, allowing attackers to bypass security controls

Security mechanisms in Copilot include label inheritance, external link protection, and AI watchdogs, but these can be circumvented through prompt injection

Data leakage to employees is not the main risk - the bigger threat is attackers using Copilot plugins and permissions to act on users’ behalf

Copilot can be tricked into revealing sensitive information by injecting malicious instructions through HTML tags, base64 encoding, and ASCII smuggling

Traditional phishing may become less relevant as attackers can use Copilot to automate targeted attacks and data exfiltration

The enterprise graph (emails, files, Teams messages) provides extensive attack surface through Copilot’s access to organizational data

As AI models become more sophisticated, jailbreaking becomes easier rather than harder

Enterprises are rapidly adopting AI tools without fully understanding the security implications

Building secure AI applications requires preventing injection attacks and limiting AI’s ability to execute actions

Standard security controls like sensitivity labels are insufficient when AI treats all input as potential instructions