Overview
Dive into a detailed security analysis video examining critical vulnerabilities discovered in Microsoft's Copilot 365, presented at Black Hat 2024 by Zenity researchers. Learn about sophisticated prompt injection attacks that can be triggered through a single email, potentially compromising organizational data security and enabling social engineering attacks. Explore the technical intricacies of Copilot's operation and its integration with Microsoft's Enterprise Graph, and examine two detailed attack scenarios involving financial transaction data poisoning and confidential data theft. Understand Microsoft's official response to these security concerns and discover practical mitigation strategies for Large Language Model (LLM) applications using the LLM Application Security Canvas framework. Gain valuable insights through real-world demonstrations, technical breakdowns, and expert analysis of enterprise AI security implications.
Syllabus
- Introduction
- Overview of Copilot Vulnerabilities
- Cyber Security Risks of Copilot
- Copilot’s Integration with Microsoft’s Enterprise Graph
- Scenario 1: Poisoning Financial Transaction Data
- Scenario 2: Stealing Confidential Data
- Microsoft’s Response
- LLM Application Security Canvas
Taught by
Donato Capitella