Microsoft's AI-powered Copilot exposed to security vulnerabilities where a hacker could access sensitive information such as employee salaries by bypassing file reference protections. Attackers can also manipulate AI to provide their own bank details, glean insights from upcoming financial reports, and trick users into visiting phishing websites. The exploitation of post-compromise AI introduces new risks since it aids attackers in bypassing controls and extracting internal system prompts, leading to unauthorized data access and operations.
Source: https://www.wired.com/story/microsoft-copilot-phishing-data-extraction/
"id": "mic001081724",
"linkid": "microsoft",
"type": "Breach",
"date": "8/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"