pentestpartners.com/security-b

Something to be aware of if you work in a Microsoft shop with security requirements: Copilot on SharePoint will apparently allow ACL bypass without logging or alerting.

You can just ask it for things.

It looks like what's going on under the hood here is that Copilot introduces a new category of user account for their agents, who have expansive read permissions by default, and Copilot doesn't know how to map what the agent _can_ read against user permissions.
