New AI Security Risk Uncovered in Microsoft 365 Copilot

A zero-click vulnerability has been discovered in Microsoft 365 Copilot—exposing sensitive data without any user interaction. This flaw could allow attackers to silently extract corporate data using AI-integrated tools.

If your organization is adopting AI in productivity platforms, it’s time to get serious about AI risk management:
• Conduct a Copilot risk assessment
• Monitor prompt histories and output
• Limit exposure of sensitive data to AI tools
• Update your incident response plan for AI-based threats

AI can boost productivity, but it also opens new doors for attackers. Make sure your cybersecurity program keeps up. Contact our LMG Security team if you need a risk assessment or help with AI policy development.

Read the article: https://www.bleepingcomputer.com/news/security/zero-click-ai-data-leak-flaw-uncovered-in-microsoft-365-copilot/

AI is the new attack surface—are you ready?

From shadow AI to deepfake-driven threats, attackers are finding creative ways to exploit your organization’s AI tools, often without you realizing it.

Watch our new 3-minute video, How Attackers Target Your Company’s AI Tools, for advice on:

The rise of shadow AI (yes, your team is probably using it!)
Real-world examples of AI misconfigurations and account takeovers
What to ask vendors about their AI usage
How to update your incident response plan for deepfakes
Actionable steps for AI risk assessments and inventories

Don’t let your AI deployment become your biggest security blind spot.

Watch now: https://youtu.be/R9z9A0eTvp0

What #ShadowIT Can Teach Us About Managing #ShadowAI

Organizations can navigate the shadow AI era by adopting a strategic approach, prioritizing use cases, centralizing around data, and investing in their teams.

https://www.forbes.com/sites/delltechnologies/2024/04/24/what-shadow-it-can-teach-us-about-managing-shadow-ai/?utm_source=flipboard&utm_content=topic%2Fartificialintelligence&sh=759c970f14fc

What Is #ShadowAI? Enterprise IT's Latest Security Threat

https://tech.co/news/what-is-shadow-ai

After the great "success" of #ShadowIT: Introducing #ShadowAI — where employees will feed tons of highly sensitive and internal data and code to some LLM (Large Language Model) like #ChatGPT in the vague hope of becoming more productive or finally getting that promotion. Without any kind of review or approval. This will get people fired. Le sigh. So, so predictable.

The Next Big Thing after #ShadowIT (IT resources like Cloud capacity or using software that is not officially part of IT) — #ShadowAI. People/groups/companies using “AI” stuff without telling anyone to make life easier. This is dangerous stuff IMHO. How about your doctor or health insurance using ChatGPT to speed up diagnosis/paperwork? Ouch. https://inflecthealth.medium.com/im-an-er-doctor-here-s-what-i-found-when-i-asked-chatgpt-to-diagnose-my-patients-7829c375a9da