If you give Copilot the reins, don't be surprised when it spills your secrets

Thankfully we have some sane people in management - in our company you need to go quite high up to get any permission for any AI deployment exactly because of the risks.

One risk is actually that we don't actually have a full picture of all the risks yet, and that tends to be a red flag in itself. Combining the use of Microsoft with letting one of their new toys with an as yet not well controlled risk set loose on corporate data doesn't feel like a very bright idea.

Re: The truth is out there !!!

Dunno about you but I'd yeet that grenade.

Re: The truth is out there !!!

you know it is going to explode *but* don't know when

Yes you do. It'll be more than 5 seconds because then you have used all your fingers of one hand and have to hold it between your legs to continue counting on the other hand..

:)

Re: "It's kind of funny in a way"

And they get a license review in response.

Re: "It's kind of funny in a way"

Oh yeah, it's downright hilarious, innit ?

This part really made me laugh, in an almost hysterical kind of way-

Combine those with what Zenity marketing chief Andrew Silberman told us is nearly 3,000 Copilot Studio bots in the average large enterprise (we're talking Fortune 500-level companies), along with research indicating that 63 percent of those are discoverable online

LOL! I mean it's 2024 and this is still happening? How many critical vulnerabilities have started with Microsoft's autodiscovery, or just discovery features? I can kinda see some potential benefits from Copilot on an external server on a DMZ, but am also imagining the horrors regarding how to secure any communications back into the trusted domain. There really needs to be some simple way to what information Copilot can utilise.

Re: "It's kind of funny in a way"

Get sued, sure. Get sued successfully, and end up paying more than a token amount — that's very far from certain. Litigation against tech companies in general, and tech giants in particular, has a poor track record.

Re: Do we need a new acronym?

It's not "remote code execution" but it is "remote information extraction" and (as noted in the fine article) probably something we'll be seeing a lot more of in the next few years.

Indeed. Pretty much all fictional depictions of dangerous AIs could have been very short, if only they'd been contained and constrained. But they escape, and usually bad stuff happens. Copilot doesn't seem much different. It really needs policies that can also contain and constrain who can access it, and what it can access. So maybe a Copilot chatbot could be useful on a public server. It can only 'learn' from stuff on that server, so the risk is minimised given it's knowledge base is stuff intended to be made public anyway.

But I think you really wouldn't want it talking to any back-end systems unless you can make very clear restrictions as to what it can access and how it can use it. So probably to be safe, airgap any public-facing servers and never let Copilot back into the network. Obviously that limits how it could be used, but at the moment, it seems a very risky 'feature'. I think the same is true for internal networks, how they're segmented and policies applied between those networks. I think adminstrators really need a way to ensure that Copilot is never installed or run on systems they don't want it on.

Based on my own experiences as an average user, Microsoft is just pushing it as an update, and making it very difficult to terminate with extreme prejudice. But then that's also true for a lot of unwanted 'features' forced on users.

ps.. best I can come up with for an acronym is AIE!, or Automated Industrial Espionage or Automated Information Exfiltraton

Re: Do we need a new acronym?

Often it is, in fact, remote code execution, as people increasingly couple LLMs to "agentic" systems that perform other processing, control machinery, etc. Don't forget Copilot itself started off as a source-code generation engine; if you compromise that, you have RCE, just through an additional layer of abstraction.

Re: Do we need a new acronym?

It's fair to assume that information extraction will lead to more remote code execution.