This isn't all that interesting. There's no exploit as we hope to know it, but rather it's just glorified search via another means. And indeed, Copilot is simply using Microsoft Search (which federates with SPO Search) to find the content to return. Audit logs still exist!
The article author also fails to identify that one of the more effective ways of combating this is Sensitivity Labels (yeah, another subscription, but big companies don't care). But correctly states that permission hygiene is the most effective way to do this.
> when files and images are shared on Microsoft Teams, SharePoint automatically creates a site for them.
And no, that's not how it works. A Microsoft Team already has an SPO site. When a file is uploaded to a Team, it is actually uploaded to SPO. In a 1:1 or 1:Many chat outside of a Team, it is uploaded to the sender's OneDrive account.
ocdtrekkie · 23h ago
I think there's a huge difference in that convincing LLMs to go outside their rules is a very well-driven field already. So if that LLM can access the sensitive data, we can't assume an LLM will ever successfully avoid giving it to someone who does not have the correct label.
p_ing · 20h ago
But that's not what is being presented, here. This post just presents a simple permission misconfiguration or not using the correct tools for the data with the given system (Sensitivity Labels on M365).
If there was a breakout of Copilot in M365 to produce data you lacked permission to, that would be a worthy blog post (hopefully after the bug bounty was processed).
The article author also fails to identify that one of the more effective ways of combating this is Sensitivity Labels (yeah, another subscription, but big companies don't care). But correctly states that permission hygiene is the most effective way to do this.
> when files and images are shared on Microsoft Teams, SharePoint automatically creates a site for them.
And no, that's not how it works. A Microsoft Team already has an SPO site. When a file is uploaded to a Team, it is actually uploaded to SPO. In a 1:1 or 1:Many chat outside of a Team, it is uploaded to the sender's OneDrive account.
If there was a breakout of Copilot in M365 to produce data you lacked permission to, that would be a worthy blog post (hopefully after the bug bounty was processed).