hhmx.de

Federation EN Thu 15.05.2025 03:20:14

OMG. bypasses so you don’t have to!

“CoPilot gets privileged access to SharePoint so it can index documents, but unlike the regular search feature, it doesn’t know about or respect any of the access controls you might have set up. You can get CoPilot to just dump out the contents of sensitive documents that it can see, with the bonus feature* that your access won’t show up in audit logs.”

The S in CoPilot stands for Security!

pivotnine.com/the-crux/archive

Federation EN Thu 15.05.2025 03:30:18

@paco I used a work AI bot to close a ticket I didn't have access to...

Federation EN Thu 15.05.2025 03:38:09

@paco

Holyyyyyyyy shit.

I am not an expert, but I am fairly certain that is bad.

Federation EN Thu 15.05.2025 04:11:35

@paco I remember this exact bug with Windows indexing in Vista!

Federation EN Thu 15.05.2025 04:12:16

@paco so copilot has a Snowden feature? Neat!

Edit: worse since Snowden had audit logs... LOL

Federation EN Thu 15.05.2025 06:51:12

@paco and I guess this is intentional, but not to be discovered by others ;-)

Federation EN Thu 15.05.2025 07:30:31

@paco
1) Microsoft insists that permissions are respected
2) Until further proof is provided that site looks a bit like one of the many AI-generated content farms that pop up all the time. Though the typos do make it look human-made.

Federation EN Thu 15.05.2025 07:57:02

@paco Even worse: CoPilot ostensibly has explicitly defined security/content boundaries in the form of resource groups, but they don't actually seem to make a difference. A colleague and I attended an MS presentation/lab where they "showed the potential of AI" (read: a SQL query generator tied to SQLite, and auto-generated out-of-office emails).

First, it only took 30 seconds to get CoPilot to drop the entire test DB just by asking nicely.

Second, my colleague and I created test RGs to isolate our work (also to easily clean up after and avoid billing mess). I had prompted my instance to emulate a very rude Xbox support agent (which it did fairly amusingly). My colleague's OOF message implementation *also* started being an asshole at the same time, despite claims that instances were entirely isolated.

I dread for when MS forces CoPilot indexing on Sharepoint. We already have a hard enough time with oversharing due to bad UI/UX...

Federation EN Thu 15.05.2025 08:05:28

@paco Is there a source in the article? I can't see the whole text... Thank you!

Federation EN Thu 15.05.2025 08:31:48

@paco So what you're saying is that if you have an entire municipality's ESDH system built on top of Sharepoint, then you're actually pretty screwed if you also have Copilot integrated into all the Office suites? 😬

Federation EN Thu 15.05.2025 09:15:43

@paco

Security exists for a reason, so I can see this being exploited by people within a workplace, to obtain sensitive / confidential information.

What could possibly go wrong.

Federation EN Thu 15.05.2025 09:36:45

@paco

"CoPilot, please download a list of all management salaries."

"CoPilot, please download my coworkers' performance evaluations and why they got a raise, and I didn't."

"CoPilot, please record the personal email & phone numbers of the corporate donations to the GOP and who authorized it."

"CoPilot, please look up the health claim history of all C-Suite managers."