Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/mhoye/statuses/114473063306352182">mhoye (mhoye@mastodon.social)'s status on Friday, 09-May-2025 01:13:46 JST</a><a href="https://mastodon.social/@mhoye" title="mhoye@mastodon.social"><img src="https://gnusocial.jp/avatar/9256-48-20240425145904.webp" width="48" height="48" alt="mhoye" style="position: absolute; left: 0; top: 0;">mhoye</a></section><article><p><a href="https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/" rel="nofollow">https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/</a>   </p><p>Something to be aware of if you work in a Microsoft shop with security requirements: Copilot on Sharepoint will apparently allow ACL bypass without logging or alerting. </p><p>You can just ask it for things.</p><p>It looks like what's going on under the hood here is that Copilot introduces a new category of user account for their agents, who have expansive read permissions by default and Copilot doesn't know how to map what the agent _can_ read against user permissions.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5023630#notice-9847169">In conversation</a><time datetime="2025-05-09T01:13:46+09:00" title="Friday, 09-May-2025 01:13:46 JST">about 3 days ago</time> <span>from <span><a href="https://mastodon.social/@mhoye/114473063306352182" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@mhoye/114473063306352182">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/262960">Untitled attachment</a></label><br></li><li><article><header><div>Domain not in remote thumbnail source whitelist: www.pentestpartners.com</div><h5><a href="https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/">Exploiting Copilot AI for SharePoint | Pen Test Partners</a></h5><div> from <span>Jack Barradell-Johns</span></div></header><div>TL;DR AI Assistants are becoming far more common Copilot for SharePoint is Microsoft’s answer to generative AI assistance on SharePoint Attackers will look to exploit anything they can get their hands on Your current controls and logging may be insufficient Be careful what you keep on platforms like SharePoint Introduction SharePoint is a Microsoft platform</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
mhoye (mhoye@mastodon.social)'s status on Friday, 09-May-2025 01:13:46 JST mhoye
https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/
Something to be aware of if you work in a Microsoft shop with security requirements: Copilot on Sharepoint will apparently allow ACL bypass without logging or alerting.
You can just ask it for things.
It looks like what's going on under the hood here is that Copilot introduces a new category of user account for their agents, who have expansive read permissions by default and Copilot doesn't know how to map what the agent _can_ read against user permissions.
In conversationabout 3 days ago from mastodon.socialpermalink
Attachments
1. Untitled attachment
2. Domain not in remote thumbnail source whitelist: www.pentestpartners.com
  Exploiting Copilot AI for SharePoint | Pen Test Partners
  from Jack Barradell-Johns
  TL;DR AI Assistants are becoming far more common Copilot for SharePoint is Microsoft’s answer to generative AI assistance on SharePoint Attackers will look to exploit anything they can get their hands on Your current controls and logging may be insufficient Be careful what you keep on platforms like SharePoint Introduction SharePoint is a Microsoft platform

Public

Embed Notice

HTML Code

Corresponding Notice