Published: Aug 13, 2024
Key Takeaways:
- Michael Bargury, CTO of Zenity, exposed multiple security flaws in Microsoft Copilot.
- He showcased how Copilot’s vulnerabilities could be used for data exfiltration, altering financial information, and redirecting users to phishing sites.
- Organizations should monitor Copilot interactions closely and track potential prompt injections to mitigate security risks.
The CTO of AI security firm Zenity has uncovered major security vulnerabilities within Microsoft Copilot, showing how cybercriminals could exploit these flaws to compromise organizational security. Michael Bargury’s findings demonstrate the potential for threat actors to leverage Copilot’s weaknesses to launch targeted attacks.
Last week, Michael Bargury highlighted the security flaws in Microsoft Copilot during two sessions at the Black Hat security conference in Las Vegas. In his first presentation, he explained how developers using Copilot Studio could unintentionally create custom enterprise chatbots capable of exfiltrating data or bypassing security measures. The second session, titled “Living off Microsoft Copilot,” focused on the risks of Copilot chatbots, such as prompt injection.
Bargury launched a new LOLCopilot tool for Microsoft Copilot, Copilot Studio, and Power Platform. This red teaming tool enables ethical hackers to alter the default Copilot configuration using prompt injection. It allows them to directly inject prompts into a Copilot chatbot, bypassing built-in security measures to modify parameters and instructions within the model.
In his Black Hat presentation, Bargury demonstrated how an attacker could manipulate Copilot to change banking information and steal money from a victim’s account. Additionally, the hacker could access limited information about an upcoming earnings call for an organization. The attacker could also turn Copilot into a malicious insider to redirect users to phishing websites and steal credentials.
Lastly, Bargury mentioned that he is collaborating with Microsoft’s red team to address these underlying issues. He strongly recommends that organizations monitor Copilot conversations and track potential prompt injections to mitigate security threats.
Microsoft has appreciated Zenity’s findings and reaffirmed its commitment to protecting Copilot customers from cyberattacks. “We appreciate the work of Michael Bargury in identifying and responsibly reporting these techniques through a coordinated disclosure. We are investigating these reports and are continuously improving our systems to proactively identify and mitigate these types of threats and help keep customers protected.” Microsoft said in a statement to The Register.