Embrace The Red: Microsoft 365 Copilot Generated Images Accessible Without Authentication — Fixed!

Source URL: https://embracethered.com/blog/posts/2025/m365-copilot-image-generation-without-authentication/
Source: Embrace The Red
Feedly Summary: I regularly look at how the system prompts of chatbots change over time. Updates frequently highlight new features being added, design changes that occur and potential areas that might benefit from more security scrutiny.
A few months back I noticed an interesting update to the M365 Copilot (BizChat) system prompt. In particular, there used to be one enterprise_search tool in the past. You might remember that tool being used during the Copirate ASCII Smuggling exploit and using it to search for MFA codes in the user’s inbox.

Summary: The text discusses security vulnerabilities in Microsoft 365 Copilot, focusing on how changes to system prompts can introduce risks such as leaking sensitive information or creating insecure direct object references. It highlights the importance of stringent security measures and practices in AI systems to prevent such vulnerabilities.

Detailed Description:
The text addresses security and privacy concerns in AI systems, specifically Microsoft 365 Copilot. It describes how chatbot system prompts evolve and what those changes imply for security. The key points are:

– **System Prompts and Security Filters**:
    – Chatbots often have output filters that prevent them from disclosing their system prompts verbatim. This is crucial for maintaining operational security.
    – These filters are not foolproof: the interaction shows that users can still extract sensitive information from system prompts.

– **Insecure Direct Object Reference (IDOR)**:
    – M365 Copilot has an image generation tool (designer_graphic_art). Testing showed a lack of proper authentication, which allowed generated images to be accessed through their URLs.
    – Such vulnerabilities are categorized as IDOR, a well-known class of security flaw, and they put enterprise data at risk.

– **Rapid Feature Deployment vs. Security**:
    – The text stresses that rapid deployment of new features can lead to neglect of essential security principles and so introduce vulnerabilities.
    – It suggests applying stronger quality assurance and threat modeling from the early stages of feature design to catch such oversights.

– **Reporting and Resolution**:
    – The author reported the vulnerability to the Microsoft Security Response Center (MSRC). It was addressed within a few months, indicating responsiveness to identified security risks.

– **Call to Action for Security Practices**:
    – The conclusion emphasizes the need for robust security practices in cloud-based systems and AI applications: however fast features roll out, security should never take a back seat.
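The IDOR point above (generated images retrievable by URL alone) comes down to a missing authentication and ownership check on the object fetch. The following is an added illustration, not code from the original post or from Microsoft; `ImageStore`, its methods and the user names are hypothetical, constructed for this example.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class ImageStore:
    """Constructed stand-in for a generated-image backend (hypothetical design)."""
    _blobs: dict = field(default_factory=dict)     # image_id -> (owner, bytes)
    _sessions: dict = field(default_factory=dict)  # session token -> user

    def login(self, user):
        token = secrets.token_urlsafe(16)
        self._sessions[token] = user
        return token

    def save(self, owner, data):
        # An unguessable id limits enumeration but is not an access control:
        # anyone who obtains the URL (logs, chat history, referrers) can use it.
        image_id = secrets.token_urlsafe(16)
        self._blobs[image_id] = (owner, data)
        return image_id

    def fetch_insecure(self, image_id, token=None):
        """The flaw class described above: knowing the id is the only check."""
        entry = self._blobs.get(image_id)
        return (200, entry[1]) if entry else (404, b"")

    def fetch_secure(self, image_id, token=None):
        """Authenticate the caller, then authorize against the object's owner."""
        user = self._sessions.get(token)
        if user is None:
            return (401, b"")  # no valid session
        entry = self._blobs.get(image_id)
        if entry is None or entry[0] != user:
            return (404, b"")  # same answer for missing and foreign ids
        return (200, entry[1])


def demo():
    store = ImageStore()
    alice, bob = store.login("alice"), store.login("bob")
    img = store.save("alice", b"constructed-image-bytes")
    return {
        "insecure_anon": store.fetch_insecure(img)[0],
        "secure_anon": store.fetch_secure(img)[0],
        "secure_other_user": store.fetch_secure(img, bob)[0],
        "secure_owner": store.fetch_secure(img, alice)[0],
    }
```

Returning 404 for both missing and foreign ids keeps the endpoint from confirming that another user's object exists.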

These considerations are relevant to professionals in AI, cloud security, and software development. Given the risks that come with evolving chatbot functionality, the text calls for an integrated security approach that strengthens preventive measures against vulnerabilities.