It seems no matter how many safeguards are put on AI assistants and chatbots, crafty hackers will find a way around them. Just earlier this month, malicious actors tricked Meta's AI support into providing access to some of Instagram's largest accounts.This time, cybersecurity researchers at Varonis Threat Labs have uncovered a new three-stage vulnerability chain that "turns Microsoft 365 Copilot Enterprise Search into a silent data exfiltration weapon."What does this mean? Basically, by deploying this chain of attacks, which has been named SearchLeak, Microsoft Copilot could be used to send your emails, two-factor authentication codes, or any other sensitive data on your computer to an attacker.
You May Also Like
According to Varonis, the vulnerability involves the deployment of three separate attacks: a new AI-specific vulnerability called Parameter-to-Prompt Injection (P2P), along with two old fashion web bugs — an HTML injection race condition and a Content Security Policy (CSP) bypass via Bing server-side request forgery (SSRF)."Since SearchLeak targets the Enterprise tier of Microsoft, the blast radius isn't limited to personal data — it's able to surface anything the user has access to inside the organization, including emails, meeting invites and notes, SharePoint documents, OneDrive files, and other indexed business content," reads Varonis' report. "Depending on how M365 is connected to the environment, the blast radius could extend even wider."Microsoft has built safety guardrails into Copilot that usually prevent the AI assistant from sending data to a bad actor. If any of these steps were carried out alone, the attack would not work. However, as a combined three-stage vulnerability chain, SearchLeak is a workaround that obtains the information for an attacker.This may sound like a lot, but the attack is fairly simple once you break it down. Here's what a hacker would do to steal your data via SearchLeak.
