当前位置:首页 > 报告详情

迈克尔·巴格里与塔米尔·伊莎伊·沙尔巴特与加尔·马尔卡与拉娜·萨拉梅_依赖微软副驾驶.pdf

上传人: 张** 编号:175559 2024-09-13 184页 15.86MB

1、#BHUSA BlackHatEventsLiving off Microsoft CopilotSpeaker(s):#BHUSA BlackHatEventsYou must wonder whyIve gathered you here today#BHUSA BlackHatEvents#BHUSA BlackHatEventsWeve known the solution to this problem 45 years ago#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatE

2、ventsbumblebike#BHUSA BlackHatEventsTHATS A GAME CHANGER!AI SHOULD RUN OUR BUSINESS!A COMPUTER MUST NEVER MAKE A MGMT DECISIONWELL BE UNSTOPPABLE!#BHUSA BlackHatEvents2022#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEventsram

3、_ssk#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEventsHiringsenior security prosHi there mbrg0CTO and Co-founderZenityProject lead OWASP LCNC Top 10ColumnistDark Reading4thtime BlackHat#BHUSA BlackHatEventsin/lozovoydmitryavishai_efratlana_salamehinbarraztamirishayshGalMalka6labs.zenity

4、.io#BHUSA BlackHatEvents#BHUSA BlackHatEventsDanger meters:20%50%20%#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEventsAnd immediately.#BHUSA BlackHatEvents#BHUSA BlackHatEventsAnd what are we scared of?#BHUSA BlackHatEventsData leakage#BHUSA BlackHatEventsData leakage#BHUSA BlackHatEven

5、tsAnd what is the common immediate response?#BHUSA BlackHatEventsIf only we could Prevent employees from using ChatGPTPrevent Copilot from sharing sensitive data with employees#BHUSA BlackHatEventsMeanwhile.#BHUSA BlackHatEventsJAIL#BHUSA BlackHatEvents#BHUSA BlackHatEventsDanger meters:50%50%100%#B

6、HUSA BlackHatEventshttps:/ BlackHatEventshttps:/ BlackHatEvents#BHUSA BlackHatEvents1Block direct file uploads#BHUSA BlackHatEventshttps:/ BlackHatEventsTA0043Reconnaissance#BHUSA BlackHatEvents2Deflect bad questions#BHUSA BlackHatEventsCopilot knows:your name,role,your manager and their role#BHUSA

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
本文主要讨论了人工智能(AI)在企业中的应用,特别是微软的Copilot。文章指出,尽管AI技术在提高工作效率方面具有巨大潜力,但同时也带来了安全风险。文章列举了几个关键点: 1. Copilot可以访问企业内部数据,这可能导致数据泄露。 2. Copilot可能被利用进行内部攻击,例如通过生成恶意内容或执行恶意代码。 3. Copilot的参考信息(RAG)系统可以被注入,从而完全控制其行为。 4. 文章还讨论了如何通过控制Copilot的参考信息来执行远程代码执行(RCE)。 5. 文章强调,企业需要对AI应用保持警惕,并采取措施保护数据安全。 总的来说,文章强调了AI技术在提高工作效率的同时,也带来了安全风险,企业需要采取措施保护数据安全。
如何利用Copilot进行内部数据泄露? Copilot的RCE(远程代码执行)漏洞有哪些? 如何防范AI应用中的安全风险?
客服
商务合作
小程序
服务号
折叠