Safety
Critical Copilot vulnerability allowed hackers to steal 2FA code from users
A now-patched vulnerability in Microsoft Copilot, dubbed SearchLeak, allowed attackers to exfiltrate two-factor authentication codes from users through a prompt injection attack embedded in search results. The exploit is a textbook illustration of how LLM integrations can silently extend an attacker's reach into sensitive user data in ways traditional security models were not designed to anticipate. Security researchers note that the incident reflects a systemic failure in how the industry approaches LLM threat surfaces rather than an isolated implementation error.
Read full story at AI - Ars Technica →V: · A: · D:
Related
Safety
Predicting model behavior before release by simulating deployment
OpenAI has introduced a method called Deployment Simulation that uses real conversation data to anticipate how a model w...
Safety
KPMG pulls report on AI usage due to apparent hallucinations
KPMG has withdrawn a research report about AI usage after discovering apparent hallucinations in the AI-generated conten...
Safety
Musk's xAI fired engineer for raising concerns about Grok chatbot, lawsuit claims
Former xAI engineer Devin Kim alleges he was illegally terminated for attempting to implement safety mechanisms for the ...