Exploiting Copilot AI for SharePoint | Pen Test Partners
www.pentestpartners.com
TL;DR AI Assistants are becoming far more common Copilot for SharePoint is Microsoft’s answer to generative AI assistance on SharePoint Attackers will look to exploit anything they can get their hands on Your current controls and logging may be insufficient Be careful what you keep on platforms like SharePoint Introduction SharePoint is a Microsoft platform
  • insight06@lemmy.worldEnglish
    3·
    18 hours ago

    This was actually a decent skim. Microsoft did not think that one through.

    Companies paying for a corporate copilot instance to train on their SharePoint documents can inadvertently reveal the contents of those documents to anyone in the company who asks Copilot about them, even if those documents were made highly restricted - in their example, a document full of service account passwords permissioned to only be accessible by a select few members of IT (although sensible IT would be using a password manager right?)

    Quite the oversight! That’s sure to slow adoption in any shops with a zero-trust or principle of least pivilege model in place, or even anywhere big that segments their teams to cut down on noise.