• insight06@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    18 hours ago

    This was actually a decent skim. Microsoft did not think that one through.

    Companies paying for a corporate copilot instance to train on their SharePoint documents can inadvertently reveal the contents of those documents to anyone in the company who asks Copilot about them, even if those documents were made highly restricted - in their example, a document full of service account passwords permissioned to only be accessible by a select few members of IT (although sensible IT would be using a password manager right?)

    Quite the oversight! That’s sure to slow adoption in any shops with a zero-trust or principle of least pivilege model in place, or even anywhere big that segments their teams to cut down on noise.