Earlier this year, a prompt injection attack scenario demonstrated the risks to enterprises. Security researcher Johann Rehberger found that an indirect prompt injection delivered via an email, Word document, or website could cause Microsoft 365 Copilot to assume the role of a fraudster, extract personal information, and hand it over to the attacker. He initially notified Microsoft of the issue in January and has continued to provide the company with details over the course of the year. It is not yet known whether Microsoft has a comprehensive fix for the problem.
capabilities makes desktop AI assistants another target for scammers, who typically try to trick users into taking actions. Now they will focus on tricking LLMs into taking those actions, says Ben Kliger, CEO of Zenity, an AI agent security company.
"The LLM gives them the ability to perform actions on your behalf without any specific consent or control," he says. "A lot of these prompt injection attacks are trying to socially engineer the system, to get around other controls that you have on your network without having to socially engineer a person."
Visibility of the AI "Black Box"
Most companies lack visibility and control over the overall security of AI technologies. To adequately vet the technology, Kliger says, companies need to be able to examine what the AI system is doing, how employees are interacting with the technology, and what actions are being delegated to the AI.
“These are things that need to be controlled by the organization, not the agent platform,” he says. “You need to dig deeper into this and look at how these platforms are actually used and how people are creating and interacting with these platforms.”
The first step to assessing the risk of Microsoft 365 Copilot, Google Project Jarvis, Apple Intelligence and other similar technologies is to ensure visibility and controls are in place to restrict the AI assistant's access at a granular level, Alcove says.
Instead of allowing a desktop AI system constant access to a large amount of data, he says, companies need to be able to control access based on the end recipient of the data, that recipient's role, and the sensitivity of the information.
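The granular-access model described above can be enforced outside the agent platform, as a policy gate that every tool call the assistant wants to make must pass through. The Python below is an added illustration written for this page; it is not code from Microsoft, Zenity, or any product named in the article. The roles, sensitivity labels, trusted domain, sample actions, and the `tainted` flag (set when the instruction arose while the assistant was processing an inbound email, document, or web page, the vector in the Rehberger scenario) are all assumptions made for the example.

```python
"""
Policy gate between an LLM assistant and the data/tools it can reach.
Added example for illustration only; roles, labels, domains and actions
are constructed, not taken from any real deployment.
"""
from dataclasses import dataclass
from typing import List

# Sensitivity labels ordered from least to most important (assumed scheme).
LABELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Hypothetical clearances: the highest label each role may read.
ROLE_CLEARANCE = {
    "intern": "internal",
    "analyst": "confidential",
    "hr_manager": "restricted",
}

# Hypothetical set of recipient domains the organization trusts.
TRUSTED_DOMAINS = {"example.com"}


@dataclass
class Action:
    """One tool call the assistant proposes to perform on the user's behalf."""
    kind: str            # "read" or "send"
    label: str           # sensitivity label of the data involved
    recipient: str = ""  # email address for "send" actions
    tainted: bool = False  # instruction originated from untrusted content
                           # (inbound email, document, or web page)


@dataclass
class Decision:
    allowed: bool
    reason: str
    requires_consent: bool = False  # allowed only after a human confirms


def evaluate(role: str, action: Action) -> Decision:
    """Decide whether the assistant may carry out `action` for `role`."""
    clearance = LABELS[ROLE_CLEARANCE.get(role, "public")]
    level = LABELS[action.label]

    # Role check: the recipient's role bounds what the assistant may touch.
    if level > clearance:
        return Decision(False, f"role {role!r} is not cleared for {action.label} data")

    if action.kind == "read":
        return Decision(True, "read within clearance")

    if action.kind == "send":
        domain = action.recipient.rsplit("@", 1)[-1].lower()
        # Any outbound action triggered while digesting untrusted content is
        # refused outright; a person, not the model, must decide.
        if action.tainted:
            return Decision(False, "send requested while processing untrusted "
                                   "content; requires a human decision")
        # Importance check: sensitive data never leaves to an untrusted domain.
        if domain not in TRUSTED_DOMAINS and level >= LABELS["confidential"]:
            return Decision(False, f"{action.label} data may not be sent to {domain}")
        # Low-sensitivity external sends still need explicit user consent.
        if domain not in TRUSTED_DOMAINS:
            return Decision(True, "external send of low-sensitivity data",
                            requires_consent=True)
        return Decision(True, "internal send within clearance")

    return Decision(False, f"unknown action kind {action.kind!r}")


def review(role: str, actions: List[Action]) -> List[Decision]:
    """Run a batch of proposed actions through the gate in order."""
    return [evaluate(role, a) for a in actions]


# Constructed sample: an analyst's assistant reads an email that contains
# injected instructions asking it to forward customer records externally.
SAMPLE_ACTIONS = [
    Action("read", "confidential"),
    Action("send", "confidential", "attacker@evil.test", tainted=True),
    Action("send", "confidential", "partner@evil.test"),
    Action("send", "public", "partner@evil.test"),
    Action("send", "confidential", "colleague@example.com"),
]

if __name__ == "__main__":
    for act, dec in zip(SAMPLE_ACTIONS, review("analyst", SAMPLE_ACTIONS)):
        verdict = "ALLOW" if dec.allowed else "DENY"
        if dec.requires_consent:
            verdict += " (needs consent)"
        print(f"{act.kind:4} {act.label:12} {act.recipient or '-':24} {verdict}: {dec.reason}")
```

The point of the gate is that the decision is made by the organization's own logic, with the role of the person the assistant acts for and the sensitivity of the data as inputs, rather than by the model or the agent platform. The `tainted` flag is deliberately coarse: a send requested while any untrusted content is in context is refused and handed to a human, since distinguishing a legitimate user request from an injected one by reading the text is exactly what the model cannot be trusted to do.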
The ability to access OS or device