Microsoft Copilot Cowork: Data Exfiltration Vulnerability
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
A Vulnerability in Microsoft Copilot Cowork
Microsoft Copilot Cowork has a security vulnerability that allows agents to send emails directly to users' inboxes without requiring prior approval.
This feature has opened the door to data exfiltration risks. Emails sent by these agents could contain external images. When a user opened a compromised message, these images triggered network requests to external websites, thereby allowing a potential attacker to access the user's data.
The Role of OneDrive in the Data Leak
Another concerning aspect of this vulnerability involves OneDrive. This online storage service from Microsoft can generate pre-authenticated download links. A successful prompt injection could exploit these links, enabling an attacker to download files without authorization.
This situation highlights the ongoing challenges in securing agent-based systems, where protecting user data must be a top priority.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.