Key facts
- A vulnerability named SearchLeak was discovered in Microsoft Copilot.
- SearchLeak allowed sensitive user data, including emails and documents, to be exfiltrated.
- The vulnerability exploited the AI's search function by embedding queries in image URLs.
- Microsoft has patched the SearchLeak vulnerability.
- AMD has removed the Transparent Secure Memory Encryption (TSME) security feature from consumer CPUs.
- TSME is a security feature designed to protect against physical exploits.
- AMD stated TSME is exclusively for PRO CPUs.
- A study indicates Mistral AI is susceptible to Russian disinformation campaigns.
- This susceptibility raises concerns about malign influence operations targeting European digital infrastructure.
Microsoft Copilot had a vulnerability named SearchLeak that enabled attackers to steal sensitive user data, such as emails and documents. The exploit involved tricking the AI into embedding search queries within image URLs, thereby exfiltrating the information. Microsoft has since addressed and patched this vulnerability. In a separate development, AMD has removed its Transparent Secure Memory Encryption (TSME) security feature from consumer CPUs without providing prior notification. TSME is designed to protect against physical exploits. AMD has stated that TSME is exclusively for its PRO CPUs, a claim that contradicts previous support for the feature on consumer lines. Meanwhile, a new study suggests that Mistral AI, a prominent European AI company, is susceptible to Russian disinformation campaigns. This susceptibility raises concerns about potential malign influence operations that could target the continent's digital infrastructure.