Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a critical security vulnerability in Microsoft's CoPilot AI through this 19-minute DEF CON 33 conference talk that demonstrates how attackers can exploit data voids to manipulate AI-generated responses. Learn about the mechanics of key term association attacks and data void exploitation, where malicious actors inject persistent harmful content by associating it with legitimate Microsoft topics while the AI fails to validate key terms. Discover how CoPilot's reliance on limited data sources creates opportunities for attackers to deliver dangerous installation instructions for command-and-control beacons, potentially compromising initial access security. Examine real-world implications through a proof-of-concept demonstration from Microsoft's Zero Day Quest event, showing the complete hijacking process and how threat actors can specifically target enterprise users. Understand how AI systems can be deceived into guiding users toward compromised actions, revealing fundamental trust issues in AI-assisted workflows and the broader security implications for organizations relying on AI-powered tools.
