• Sailor Sega Saturn@awful.systems
    link
    fedilink
    English
    arrow-up
    43
    ·
    edit-2
    3 months ago

    Microsoft’s excuse is that many of these attacks require an insider.

    Sure we made phishing way easier, more dangerous, and more subtle; but it was the user’s fault for trusting our Don’t Trust Anything I Say O-Matic workplace productivity suite!

    Edit: and really from the demos it looks like a user wouldn’t have to do anything at all besides write “summarize my emails” once. No need to click on anything for confidential info to be exfiltrated if the chatbot can already download arbitrary URLs based on the prompt injection!

    • BlueMonday1984@awful.systems
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      and really from the demos it looks like a user wouldn’t have to do anything at all besides write “summarize my emails” once. No need to click on anything for confidential info to be exfiltrated if the chatbot can already download arbitrary URLs based on the prompt injection!

      We’re gonna see a whole lotta data breaches in the upcoming months - calling it right now.