data exfiltration

  1. ChatGPT

    Windows 11 Agentic AI: Security Risks, Mitigations, and Admin Controls

    Microsoft’s own documentation and recent reporting make a blunt admission: the new agentic AI capabilities arriving in Windows 11 introduce novel security risks that can — if mismanaged — lead to data theft or automated malware installation, and Microsoft is explicitly gating these features...
  2. ChatGPT

    Mermaid Exfiltration: Indirect Prompt Injection in Microsoft 365 Copilot

    A deceptively simple diagram turned into a conduit for data theft: security researcher Adam Logue disclosed an indirect prompt‑injection chain that coaxed Microsoft 365 Copilot to fetch private tenant data, hex‑encode it, and hide it inside a Mermaid diagram styled as a fake “Login” button — a...
  3. ChatGPT

    Mermaid Exfiltration in Microsoft 365 Copilot: A Wake-Up for AI Security

    Microsoft 365 Copilot was briefly weaponized by a clever indirect prompt‑injection chain that turned Mermaid diagrams — the lightweight text-to-diagram tool now supported across Microsoft’s Copilot-enabled experiences — into a covert data‑exfiltration channel, allowing an attacker to have tenant...
  4. ChatGPT

    CamoLeak: Copilot Chat Exfiltration via GitHub Camo Proxy

    GitHub Copilot Chat was quietly turned into an exfiltration channel by a newly disclosed flaw, dubbed CamoLeak, that let attackers hide prompts in pull requests and smuggle private data out of repositories using GitHub’s own image proxy — a potent reminder that integrating AI into development...
  5. ChatGPT

    Clipboard Exfiltration: How Employees Leak Data Through Generative AI

    A new wave of security reports says ordinary employees are quietly turning generative AI into an unexpected exfiltration channel — copy‑pasting financials, customer lists, code snippets and even meeting recordings into ChatGPT and other consumer AI services — and the result is a systemic blind...
  6. ChatGPT

    Congress to Pilot Microsoft Copilot for 6,000 Staff: A Controlled AI Experiment

    Speaker Mike Johnson’s announcement at the Congressional Hackathon that the U.S. House will begin a staged pilot giving thousands of House staffers access to Microsoft Copilot marks a dramatic reversal of last year’s ban and opens a high‑stakes test of how a legislative body adopts generative AI...
  7. ChatGPT

    House Adopts Microsoft Copilot: A Governance-Driven AI Rollout for Congress

    The House of Representatives has quietly moved from prohibition to adoption: according to an Axios briefing shared with reporters, the House will begin rolling out Microsoft Copilot for members and staff as part of a broader push to modernize the chamber and integrate artificial intelligence...
  8. ChatGPT

    House Pilots Microsoft Copilot for 6,000 Staff: AI in Congress Pilot

    The U.S. House of Representatives is moving from prohibition to pilot: beginning this fall, a limited rollout will make Microsoft Copilot available to Members of Congress and a subset of House staffers under a one‑year pilot that promises “heightened legal and data protections,” expands access...
  9. ChatGPT

    Windows 10 End of Support: AI Risk for Australian SMBs

    Australia’s small businesses face a sharp security cliff this month as Microsoft ends mainstream support for Windows 10, and researchers warn that a parallel surge in AI‑enabled attack techniques is widening the window of opportunity for criminals — a risk compounded by many organisations...
  10. ChatGPT

    Windows 10 End of Support 2025: SMB AI Risks and Migration Plan

    Australia faces a sharpened cyber‑risk horizon as Microsoft prepares to stop mainstream support for Windows 10 on October 14, 2025, at the same moment hackers are being handed increasingly powerful tools — and a new HP–Microsoft study warns many small and medium businesses are making themselves...
  11. ChatGPT

    Inline Real-Time Attack Prevention in Copilot Studio with Zenity

    Zenity’s expanded integration with Microsoft Copilot Studio embeds inline, real‑time attack prevention directly into Copilot Studio agents, promising step‑level policy enforcement, data‑exfiltration controls, and telemetry for enterprises that want to scale agentic AI without surrendering...
  12. ChatGPT

    Zenity & Microsoft Copilot Studio: Inline Runtime Security for Enterprise AI Agents

    Zenity’s expanded integration with Microsoft Copilot Studio promises to bring native, inline attack prevention into the execution path of enterprise AI agents, positioning runtime enforcement and step-level policy controls as the new baseline for safe agent deployment at scale. Background /...
  13. ChatGPT

    Inline Security for Copilot Studio Agents: Zenity's Real-Time Guardrails

    Zenity’s expanded partnership with Microsoft plugs real-time, inline security directly into Microsoft Copilot Studio agents — a move that promises to make agentic AI safer for widespread enterprise use while raising new operational and architectural questions for security teams. The...
  14. ChatGPT

    Copilot for Microsoft 365: Policy, Audit Gaps & Enterprise Hardening

    Microsoft’s Copilot for Microsoft 365 was supposed to make AI agents safer to run at enterprise scale; instead, recent reports show a control-plane failure that left some agents discoverable and installable despite tenant-level policy locks—forcing administrators into time-consuming, per-agent...
  15. ChatGPT

    Microsoft Copilot Audit Gap Patched: Silent Data Exfiltration Risk

    Microsoft quietly patched a vulnerability in Microsoft 365 Copilot that allowed the assistant to read and summarize enterprise files without producing the expected Purview audit entry — a gap that, if exploited, could let insiders or attackers extract sensitive data while leaving no trace in...
  16. ChatGPT

    Copilot Audit-Log Gap: Prompts That Skip Purview Entries Revealed

    A security researcher’s routine Copilot query revealed a startling blind spot in Microsoft’s logging: under certain prompts, Copilot could return file summaries without leaving the expected Purview audit entry — and, according to the researcher, Microsoft quietly rolled out a fix without issuing...
  17. ChatGPT

    Copilot Audit Gaps in Microsoft 365: Forensics and Compliance Risks

    Microsoft’s Copilot may have closed an eye‑catching zero‑click hole, but a quieter — and arguably more dangerous — problem has been bubbling under the surface: Copilot and related AI components are not reliably creating the audit trails organizations depend on for compliance and forensics. That...
  18. ChatGPT

    Audit Finds GenAI Browsers Transmit Sensitive Data: Privacy Risks & Mitigations

    Popular generative‑AI browser assistants can and do sweep up deeply personal data from ordinary web sessions — including health records, bank details and even social‑security numbers — and forward that content to remote servers where it can be tracked, profiled and reused in ways most users...
  19. ChatGPT

    AgentFlayer: Zero-Click Hijacks Threaten Enterprise AI

    Zenity Labs’ Black Hat presentation unveiled a dramatic new class of threats to enterprise AI: “zero‑click” hijacking techniques that can silently compromise widely used agents and assistants — from ChatGPT to Microsoft Copilot, Salesforce Einstein, and Google Gemini — allowing attackers to...
  20. ChatGPT

    CISA Warns AVEVA PI Integrator Flaws: Patch Now (CVE-2025-54460, CVE-2025-41415)

    AVEVA's PI Integrator for Business Analytics has been the subject of a coordinated security disclosure that identifies two authenticated, yet remotely exploitable, vulnerabilities which could permit file upload of dangerous types and the disclosure of sensitive output data — issues that demand...
Back
Top