GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

  1. mhoye (mhoye@mastodon.social)'s status on Friday, 09-May-2025 01:13:46 JST

    https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

    Something to be aware of if you work in a Microsoft shop with security requirements: Copilot on Sharepoint will apparently allow ACL bypass without logging or alerting.

    You can just ask it for things.

    It looks like what's going on under the hood here is that Copilot introduces a new category of user account for their agents, who have expansive read permissions by default and Copilot doesn't know how to map what the agent _can_ read against user permissions.

    In conversation about 2 days ago from mastodon.social

    Attachments

    1. Exploiting Copilot AI for SharePoint | Pen Test Partners
       from Jack Barradell-Johns
       TL;DR
       • AI assistants are becoming far more common.
       • Copilot for SharePoint is Microsoft's answer to generative AI assistance on SharePoint.
       • Attackers will look to exploit anything they can get their hands on.
       • Your current controls and logging may be insufficient.
       • Be careful what you keep on platforms like SharePoint.
    • Matthew Lyon (mattly@hachyderm.io)'s status on Friday, 09-May-2025 01:13:45 JST
      in reply to mhoye

      @mhoye Permissions, schmermissions; the point of Copilot is to be able to replace all your employees with a monthly subscription to Copilot, and if you break a few eggs along the way, well.

      In conversation about 2 days ago
    • mhoye (mhoye@mastodon.social)'s status on Friday, 09-May-2025 01:13:46 JST
      in reply to Matthew Lyon

      Do we have subtractive models yet? This seems like a very difficult problem to solve unless you go straight to one-agent-model-per-employee with basically constant rebuilding.

      In conversation about 2 days ago

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.