Microsoft Copilot could have serious vulnerabilities after researchers reveal data leak issues in RAG systems
Briefly

The researchers say these vulnerabilities can "confuse" Copilot for Microsoft 365 into committing confidentiality violations.
The researchers described RAG models as being susceptible to the "confused deputy" problem, which is "where an entity in an enterprise without permission to perform a particular action can trick an over-privileged entity into performing this action on its behalf."
They explore a vulnerability that "leaks secret data" by leveraging the caching mechanism during retrieval, before investigating how these vulnerabilities in unison can be "exploited to propagate misinformation within the enterprise."
The report imagines the damage being done by an employee within the organization who leverages the vulnerabilities to gain access to information beyond their privileges.
Read at ITPro