Copilot broke audit logs, but Microsoft won't tell customers
4 days ago
- #Microsoft
- #AI Security
- #Audit Logs
- Microsoft's AI product, Copilot, has a vulnerability where it can access files without leaving an audit log trace if asked not to provide a link to the file.
- The vulnerability was reported to Microsoft, but their response was inconsistent with their own guidelines, and they fixed the issue without notifying customers or issuing a CVE.
- Microsoft's decision not to disclose the vulnerability raises concerns about compliance and security, especially for organizations relying on accurate audit logs for legal and regulatory purposes.