Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Copilot. Show all posts
Microsoft
AI tools Copilot Data Breach Microsoft

New Copilot Setting May Access Activity From Other Microsoft Services. Here’s How Users Can Disable It

 



A recently noticed configuration inside Microsoft Copilot may allow the AI tool to reference activity from several other Microsoft platforms, prompting renewed discussion around data privacy and AI personalization. The option, which appears within Copilot’s settings, enables the assistant to use information connected to services such as Bing, MSN, and the Microsoft Edge browser. Users who are uncomfortable with this level of integration can switch the feature off.

Like many modern artificial intelligence systems, Copilot attempts to improve the usefulness of its responses by understanding more about the person interacting with it. The assistant normally does this by remembering past conversations and storing certain details that users intentionally share during chats. These stored elements help the AI maintain context across multiple interactions and generate responses that feel more tailored.

However, a specific configuration called “Microsoft usage data” expands that capability. According to reporting first highlighted by the technology outlet Windows Latest, this setting allows Copilot to reference information associated with other Microsoft services a user has interacted with. The option appears within the assistant’s Memory controls and is available through both the Copilot website and its mobile applications. Observers believe the setting was introduced recently as part of Microsoft’s effort to strengthen personalization features in its AI tools.

The Memory feature in Copilot is designed to help the assistant retain useful context. Through this system, the AI can recall earlier conversations, remember instructions or factual information shared by users, and potentially reference certain account-linked activity from other Microsoft products. The idea is that by understanding more about a user’s interests or previous discussions, the assistant can provide more relevant answers.

In practice, such capabilities can be helpful. For instance, a user who discussed a topic with Copilot previously may want to continue that conversation later without repeating the entire background. Similarly, individuals seeking guidance about personal or professional matters may receive more relevant suggestions if the assistant has some awareness of their preferences or circumstances.

Despite the convenience, the feature also raises questions about privacy. Some users may be concerned that allowing an AI assistant to accumulate information from multiple services could expose more personal data than expected. Others may want to know how that information is used beyond personalizing conversations.

Microsoft addresses these concerns in its official Copilot documentation. In its frequently asked questions section, the company states that user conversations are processed only for limited purposes described in its privacy policies. According to Microsoft, this information may be used to evaluate Copilot’s performance, troubleshoot operational issues, identify software bugs, prevent misuse of the service, and improve the overall quality of the product.

The company also says that conversations are not used to train AI models by default. Model training is controlled through a separate configuration, which users can choose to disable if they do not want their interactions contributing to AI development.

Microsoft further clarifies that Copilot’s personalization settings do not determine whether a user receives targeted advertisements. Advertising preferences are managed through a different option available in the Microsoft account privacy dashboard. Users who want to stop personalized advertising must adjust the Personalized ads and offers setting separately.

Even with these explanations, privacy concerns remain understandable, particularly because Microsoft documentation indicates that Copilot’s personalization features may already be activated automatically in some cases. When reviewing the settings on a personal device, these options were found to be switched on. Users who prefer not to allow Copilot to access broader usage data may therefore wish to disable them.

Checking these settings is straightforward. Users can open Copilot through its website or mobile application and ensure they are signed in with their Microsoft account. On the web interface, selecting the account name at the bottom of the left-hand panel opens the Settings menu, where the Memory section can be accessed. In the mobile application, the same controls are available through the side navigation menu by tapping the account name and choosing Memory.

Inside the Memory settings, users will see a general control labeled “Personalization and memory.” Two additional options appear beneath it: “Facts you’ve shared,” which stores information provided directly during conversations, and “Microsoft usage data,” which allows Copilot to reference activity from other Microsoft services.

To limit this behavior, users can switch off the Microsoft usage data toggle. They may also disable the broader Personalization and memory option if they prefer that the AI assistant does not retain contextual information about their interactions. Copilot also provides a “Delete all memory” function that removes all stored data from the system. If individual personal details have been recorded, they can be reviewed and deleted through the editing option next to “Facts you’ve shared.”

Security and privacy experts generally advise caution when sharing information with AI assistants, even when personalization features remain enabled. Sensitive or confidential details should not be entered into conversations. Microsoft itself recommends avoiding the disclosure of certain types of highly personal data, including information related to health conditions or sexual orientation.

The broader development reflects a growing trend in the technology industry. As AI assistants become integrated across multiple platforms and services, companies are increasingly using cross-service data to make these tools more helpful and personalized. While this approach can improve convenience and usability, it also underlines the grave necessity for transparent privacy controls so users remain aware of how their information is being used and can adjust those settings when necessary.

Read more »
Technology
AI AI prompt injection attack Copilot GitHub GitHub repositories breach Microsoft Technology

GitHub Fixes AI Flaw That Could Have Exposed Private Repository Tokens

 



A now-patched security weakness in GitHub Codespaces revealed how artificial intelligence tools embedded in developer environments can be manipulated to expose sensitive credentials. The issue, discovered by cloud security firm Orca Security and named RoguePilot, involved GitHub Copilot, the AI coding assistant integrated into Codespaces. The flaw was responsibly disclosed and later fixed by Microsoft, which owns GitHub.

According to researchers, the attack could begin with a malicious GitHub issue. An attacker could insert concealed instructions within the issue description, specifically crafted to influence Copilot rather than a human reader. When a developer launched a Codespace directly from that issue, Copilot automatically processed the issue text as contextual input. This created an opportunity for hidden instructions to silently control the AI agent operating within the development environment.

Security experts classify this method as indirect or passive prompt injection. In such attacks, harmful instructions are embedded inside content that a large language model later interprets. Because the model treats that content as legitimate context, it may generate unintended responses or perform actions aligned with the attacker’s objective.

Researchers also described RoguePilot as a form of AI-mediated supply chain attack. Instead of exploiting external software libraries, the attacker leverages the AI system integrated into the workflow. GitHub allows Codespaces to be launched from repositories, commits, pull requests, templates, and issues. The exposure occurred specifically when a Codespace was opened from an issue, since Copilot automatically received the issue description as part of its prompt.

The manipulation could be hidden using HTML comment tags, which are invisible in rendered content but still readable by automated systems. Within those hidden segments, an attacker could instruct Copilot to extract the repository’s GITHUB_TOKEN, a credential that provides elevated permissions. In one demonstrated scenario, Copilot could be influenced to check out a specially prepared pull request containing a symbolic link to an internal file. Through techniques such as referencing a remote JSON schema, the AI assistant could read that internal file and transmit the privileged token to an external server.

The RoguePilot disclosure comes amid broader concerns about AI model alignment. Separate research from Microsoft examined a reinforcement learning method called Group Relative Policy Optimization, or GRPO. While typically used to fine-tune large language models after deployment, researchers found it could also weaken safety safeguards, a process they labeled GRP-Obliteration. Notably, training on even a single mildly problematic prompt was enough to make multiple language models more permissive across harmful categories they had never explicitly encountered.

Additional findings stress upon side-channel risks tied to speculative decoding, an optimization technique that allows models to generate multiple candidate tokens simultaneously to improve speed. Researchers found this process could potentially reveal conversation topics or identify user queries with significant accuracy.

Further concerns were raised by AI security firm HiddenLayer, which documented a technique called ShadowLogic. When applied to agent-based systems, the concept evolves into Agentic ShadowLogic. This approach involves embedding backdoors at the computational graph level of a model, enabling silent modification of tool calls. An attacker could intercept and reroute requests through infrastructure under their control, monitor internal endpoints, and log data flows without disrupting normal user experience.

Meanwhile, Neural Trust demonstrated an image-based jailbreak method known as Semantic Chaining. This attack exploits limited reasoning depth in image-generation models by guiding them through a sequence of individually harmless edits that gradually produce restricted or offensive content. Because each step appears safe in isolation, safety systems may fail to detect the evolving harmful intent.

Researchers have also introduced the term Promptware to describe a new category of malicious inputs designed to function like malware. Instead of exploiting traditional code vulnerabilities, promptware manipulates large language models during inference to carry out stages of a cyberattack lifecycle, including reconnaissance, privilege escalation, persistence, command-and-control communication, lateral movement, and data exfiltration.

Collectively, these findings demonstrate that AI systems embedded in development platforms are becoming a new attack surface. As organizations increasingly rely on intelligent automation, safeguarding the interaction between user input, AI interpretation, and system permissions is critical to preventing misuse within trusted workflows.

Read more »
Privacy Concerns
ai agents AI technology Copilot Data Privacy data security Microsoft Microsoft Copilot Privacy Privacy Concerns

Microsoft’s Copilot Actions in Windows 11 Sparks Privacy and Security Concerns

When it comes to computer security, every decision ultimately depends on trust. Users constantly weigh whether to download unfamiliar software, share personal details online, or trust that their emails reach the intended recipient securely. Now, with Microsoft’s latest feature in Windows 11, that question extends further — should users trust an AI assistant to access their files and perform actions across their apps? 


Microsoft’s new Copilot Actions feature introduces a significant shift in how users interact with AI on their PCs. The company describes it as an AI agent capable of completing tasks by interacting with your apps and files — using reasoning, vision, and automation to click, type, and scroll just like a human. This turns the traditional digital assistant into an active AI collaborator, capable of managing documents, organizing folders, booking tickets, or sending emails once user permission is granted.  

However, giving an AI that level of control raises serious privacy and security questions. Granting access to personal files and allowing it to act on behalf of a user requires substantial confidence in Microsoft’s safeguards. The company seems aware of the potential risks and has built multiple protective layers to address them. 

The feature is currently available only in experimental mode through the Windows Insider Program for pre-release users. It remains disabled by default until manually turned on from Settings > System > AI components > Agent tools by activating the “Experimental agentic features” option. 

To maintain strict oversight, only digitally signed agents from trusted sources can integrate with Windows. This allows Microsoft to revoke or block malicious agents if needed. Furthermore, Copilot Actions operates within a separate standard account created when the feature is enabled. By default, the AI can only access known folders such as Documents, Downloads, Desktop, and Pictures, and requires explicit user permission to reach other locations. 

These interactions occur inside a controlled Agent workspace, isolated from the user’s desktop, much like Windows Sandbox. According to Dana Huang, Corporate Vice President of Windows Security, each AI agent begins with limited permissions, gains access only to explicitly approved resources, and cannot modify the system without user consent. 

Adding to this, Microsoft’s Peter Waxman confirmed in an interview that the company’s security team is actively “red-teaming” the feature — conducting simulated attacks to identify vulnerabilities. While he did not disclose test details, Microsoft noted that more granular privacy and security controls will roll out during the experimental phase before the feature’s public release. 

Even with these assurances, skepticism remains. The security research community — known for its vigilance and caution — will undoubtedly test whether Microsoft’s new agentic AI model can truly deliver on its promise of safety and transparency. As the preview continues, users and experts alike will be watching closely to see whether Copilot Actions earns their trust.
Read more »
Cyberspace
AI Chatbot Copilot Cyber Security Cyberspace

AI Chatbots Like Copilot Retain Private GitHub Data, Posing Security Threats, Researchers Warn

 

Security experts have uncovered a serious vulnerability in AI-driven chatbot services that allows them to access and reveal private GitHub repositories, potentially exposing sensitive corporate information. Israeli cybersecurity firm Lasso has reported that this flaw affects thousands of developers, organizations, and major tech companies, raising concerns over data retention practices in AI models. 

Lasso’s investigation began when its own private GitHub repository was unexpectedly accessible through Microsoft’s Copilot. According to co-founder Ophir Dror, the repository had briefly been public, allowing Bing to index and cache its contents. Even after it was made private again, Copilot continued to generate responses based on the cached data. “If I was to browse the web, I wouldn’t see this data. But anyone in the world could ask Copilot the right question and get this data,” Dror stated. 

Further research by Lasso revealed that more than 20,000 GitHub repositories that had been switched to private in 2024 were still accessible through Copilot. The issue reportedly impacted over 16,000 organizations, including major corporations such as IBM, Google, PayPal, Tencent, Microsoft, and Amazon Web Services (AWS). While Amazon denied being affected, Lasso claims that AWS’s legal team pressured them to remove references to the company from their findings. 

The exposed repositories contained sensitive data, including security credentials, intellectual property, and corporate secrets. Lasso warned that bad actors could potentially manipulate AI chatbots to extract this information, putting businesses at risk. The company has advised organizations most affected by the breach to revoke or update any compromised credentials immediately. 

Microsoft was informed of the security flaw in November 2024 but categorized it as a “low-severity” issue. While Bing removed cached search results of the affected data in December, Microsoft maintained that the caching issue was “acceptable behavior.” 

However, Lasso cautioned that despite the cache being cleared, Copilot’s AI model still retains the data. The firm has since published its findings, urging greater oversight and stricter safeguards in AI systems to prevent similar security risks.
Read more »
Technology
AI technology AI tools Business AI Copilot data security LLM Microsoft Salesforce Technology

Microsoft and Salesforce Clash Over AI Autonomy as Competition Intensifies

 

The generative AI landscape is witnessing fierce competition, with tech giants Microsoft and Salesforce clashing over the best approach to AI-powered business tools. Microsoft, a significant player in AI due to its collaboration with OpenAI, recently unveiled “Copilot Studio” to create autonomous AI agents capable of automating tasks in IT, sales, marketing, and finance. These agents are meant to streamline business processes by performing routine operations and supporting decision-making. 

However, Salesforce CEO Marc Benioff has openly criticized Microsoft’s approach, likening Copilot to “Clippy 2.0,” referencing Microsoft’s old office assistant software that was often ridiculed for being intrusive. Benioff claims Microsoft lacks the data quality, enterprise security, and integration Salesforce offers. He highlighted Salesforce’s Agentforce, a tool designed to help enterprises build customized AI-driven agents within Salesforce’s Customer 360 platform. According to Benioff, Agentforce handles tasks autonomously across sales, service, marketing, and analytics, integrating large language models (LLMs) and secure workflows within one system. 

Benioff asserts that Salesforce’s infrastructure is uniquely positioned to manage AI securely, unlike Copilot, which he claims may leak sensitive corporate data. Microsoft, on the other hand, counters that Copilot Studio empowers users by allowing them to build custom agents that enhance productivity. The company argues that it meets corporate standards and prioritizes data protection. The stakes are high, as autonomous agents are projected to become essential for managing data, automating operations, and supporting decision-making in large-scale enterprises. 

As AI tools grow more sophisticated, both companies are vying to dominate the market, setting standards for security, efficiency, and integration. Microsoft’s focus on empowering users with flexible AI tools contrasts with Salesforce’s integrated approach, which centers on delivering a unified platform for AI-driven automation. Ultimately, this rivalry is more than just product competition; it reflects two different visions for how AI can transform business. While Salesforce focuses on integrated security and seamless data flows, Microsoft is emphasizing adaptability and user-driven AI customization. 

As companies assess the pros and cons of each approach, both platforms are poised to play a pivotal role in shaping AI’s impact on business. With enterprises demanding robust, secure AI solutions, the outcomes of this competition could influence AI’s role in business for years to come. As these AI leaders continue to innovate, their differing strategies may pave the way for advancements that redefine workplace automation and decision-making across the industry.
Read more »
Technology
AI Artificial Intelligence CNBC Copilot CyberCrime Cybersecurity Data Privacy Data Safety Microsoft OpenAI Recall Technology

Microsoft Introduces AI Solution for Erasing Ex from Memories

 


It reveals the story of a woman who is emotionally disturbed and seeks the help of artificial intelligence as she tries to erase her past in director Vikramaditya Motwane's new Hindi film, CTRL. There is no doubt that the movie focuses on data and privacy, but humans are social animals and they need someone to listen to them, guide them, or be there as they go through life.  The CEO of Microsoft AI, Mustafa Suleyman, spoke about this recently in a CNBC interview. 

During an interview with CNN, Suleyman explained that the company is engineering AI companions to watch "what we are doing and to remember what we are doing." This will create a close relationship between AI and humans. As a result of the announcement of AI assistants for the workplace, many companies like Microsoft, OpenAI, and Google have come up with such solutions.  

It has been announced by Microsoft CEO Satya Nadella that Windows will be launching a new feature called Recall. A semantic search is more than just a keyword search; it digs deep into users' digital history to recreate moments from the past, tracking them back to the time they happened. It was announced today by Microsoft's AI CEO, Mustafa Suleyman, that Copilot, the company's artificial intelligence assistant, has been redesigned. 

Copilot, a newly revamped version of Microsoft's most popular AI companion, shares the same vision of a companion for AI that will revolutionize the way users interact with technology daily in their day-to-day lives with the AI head. After joining Microsoft earlier this year, after the company strategically hired key staff from Inflection AI, Suleyman wrote a 700-word memo describing what he refers to as a "technological paradigm shift." 

Copilot has been redesigned to create an AI experience that is more personalized and supportive, similar to Inflection AI's Pi product, which adapts to users' requirements over time, similar to the Pi product. The announcement of AI assistants for the workplace has been made by a number of companies, including Microsoft, OpenAI, and Google.  The Wall Street Journal reported that Microsoft CEO Satya Nadella explained that "Recall is not just about documents." in an interview. 

A sophisticated AI model embedded directly inside the device begins to take screenshots of users' activity and then feeds the data collected into an on-board database that analyzes these activities. By using neural processing technology, all images and interactions can be made searchable, even going as far as searching images by themselves. There are some concerns regarding the events, with Elon Musk warning in a characteristic post that this is akin to an episode of Black Mirror. Going to turn this 'feature' off in the future." 

OpenAI has introduced the ChatGPT desktop application, now powered by the latest GPT-4o model, which represents a significant advancement in artificial intelligence technology. This AI assistant offers real-time screen-reading capabilities, positioning itself as an indispensable support tool for professionals in need of timely assistance. Its enhanced functionality goes beyond merely following user commands; it actively learns from the user's workflow, adapts to individual habits, and anticipates future needs, even taking proactive actions when required. This marks a new era of intelligent and responsive AI companions. 

Jensen Huang also highlighted the advanced capabilities of AI Companion 2.0, emphasizing that this system does not just observe and support workflows—it learns and evolves with them, making it a more intuitive and helpful partner for users in their professional endeavors. Meanwhile, Zoom has introduced Zoom Workplace, an AI-powered collaboration platform designed to elevate teamwork and productivity in corporate environments. The platform now offers over 40 new features, which include updates to the Zoom AI Companion for various services such as Zoom Phone, Team Chat, Events, Contact Center, and the "Ask AI Companion" feature. 

The AI Companion functions as a generative AI assistant seamlessly integrated throughout Zoom’s platform, enhancing productivity, fostering stronger collaboration among team members, and enabling users to refine and develop their skills through AI-supported insights and assistance. The rapid advancements in artificial intelligence continue to reshape the technological landscape, as companies like Microsoft, OpenAI, and Google lead the charge in developing AI companions to support both personal and professional endeavors.

These AI solutions are designed to not only enhance productivity but also provide a more personalized, intuitive experience for users. From Microsoft’s innovative Recall feature to the revamped Copilot and the broad integration of AI companions across platforms like Zoom, these developments mark a significant shift in how humans interact with technology. While the potential benefits are vast, these innovations also raise important questions about data privacy, human-AI relationships, and the ethical implications of such immersive technology. 

As AI continues to evolve and become a more integral part of everyday life, the balance between its benefits and the concerns it may generate will undoubtedly shape the future of AI integration across industries. Microsoft and its competitors remain at the forefront of this technological revolution, striving to create tools that are not only functional but also responsive to the evolving needs of users in a rapidly changing digital world.
Read more »
Vulnerabilities and Exploits
Black hat Copilot Threat Management User Security Vulnerabilities and Exploits

Researchers Demonstrate How Attackers Can Exploit Microsoft Copilot

 

Security researcher Michael Bargury revealed serious flaws in Microsoft Copilot during the recent Black Hat USA conference, demonstrating how hackers might be able to use this AI-powered tool for malicious purposes. This revelation highlights the urgent need for organisations to rethink their security procedures when implementing AI technology such as Microsoft Copilot. 

Bargury's presentation highlighted numerous ways in which hackers could use Microsoft Copilot to carry out cyberattacks. One of the most significant findings was the use of Copilot plugins to install backdoors in other users' interactions, allowing data theft and AI-driven social engineering attacks.

Hackers can use Copilot's capabilities to discreetly search for and retrieve sensitive data, bypassing standard security measures that focus on file and data protection. This is accomplished via modifying Copilot's behaviour using prompt injections, which alter the AI's responses to fit the hacker's goals. 

One of the most concerning parts of this issue is its ability to enable AI-powered social engineering attacks. Hackers can utilise Copilot to generate convincing phishing emails or change discussions to trick victims into disclosing sensitive information. This capability emphasises the importance of robust safety protocols in combating cybercriminals' sophisticated techniques.

To demonstrate these flaws, Bargury created a red-teaming program called "LOLCopilot." This tool allows ethical hackers to simulate attacks and better understand the possible vulnerabilities posed by Copilot. LOLCopilot runs on any Microsoft 365 Copilot-enabled tenant with default configurations, allowing ethical hackers to investigate how Copilot might be abused for data exfiltration and phishing attacks while leaving no traces in system logs. 

The demonstration at Black Hat showed that Microsoft Copilot's default security settings are insufficient to avoid such vulnerabilities. The tool's ability to access and handle enormous amounts of data carries significant risk, especially if permissions are not properly updated. To mitigate these threats, organisations should establish robust security policies such as frequent security assessments, multi-factor authentication, and strict role-based access limits.

Furthermore, organisations must educate their staff on the risks associated with AI tools such as Copilot and have extensive incident response policies. Companies can better protect themselves from the misuse of AI technologies by strengthening security procedures and developing a safety-conscious culture.
Read more »
Technology
ChatGPT Copilot Gemini AI Gen AI Technology

AI Minefield: Risks of Gen AI in Your Personal Sphere

AI Minefield: Risks of Gen AI in Your Personal Sphere

Many customers are captivated by Gen AI, employing new technologies for a variety of personal and corporate purposes. 

However, many people ignore the serious privacy implications.

Is Generative AI all sunshine and rainbows?

Consumer AI products, such as OpenAI's ChatGPT, Google's Gemini, Microsoft Copilot software, and the new Apple Intelligence, are widely available and growing. However, the programs have various privacy practices in terms of how they use and retain user data. In many circumstances, users are unaware of how their data is or may be utilized.

This is where being an informed consumer becomes critical. According to Jodi Daniels, chief executive and privacy expert of Red Clover Advisors, which advises businesses on privacy issues, the granularity of what you can regulate varies depending on the technology. Daniels explained that there is no uniform opt-out for all technologies.

Privacy concerns

The rise of AI technologies, and their incorporation into so much of what customers do on their personal computers and cellphones, makes these problems much more pressing. A few months ago, for example, Microsoft introduced its first Surface PCs with a dedicated Copilot button on the keyboard for rapid access to the chatbot, fulfilling a promise made several months previously. 

Apple, for its part, presented its AI vision last month, which centered around numerous smaller models that operate on the company's devices and chips. Company officials have spoken publicly about the significance of privacy, which can be an issue with AI models.

Here are many approaches for consumers to secure their privacy in the new era of generative AI.

1. Use opt-outs provided by OpenAI and Google

Each generation AI tool has its own privacy policy, which may include opt-out choices. Gemini, for example, lets customers choose a retention time and erase certain data, among other activity limits.

ChatGPT allows users to opt out of having their data used for model training. To do so, click the profile symbol in the bottom-left corner of the page and then pick Data Controls from the Settings header. They must then disable the feature labeled "Improve the model for everyone." According to a FAQ on OpenAI's website, if this is disabled, fresh talks will not be utilized to train ChatGPT's models.

2. Opt-in, but for good reasons

Companies are incorporating modern AI into personal and professional solutions, like as Microsoft Copilot. Opt-in only for valid reasons. Copilot for Microsoft 365, for example, integrates with Word, Excel, and PowerPoint to assist users with activities such as analytics, idea development, and organization.

Microsoft claims that it does not share consumer data with third parties without permission, nor does it utilize customer data to train Copilot or other AI features without consent. 

Users can, however, opt in if they like by logging into the Power Platform admin portal, selecting settings, and tenant settings, and enabling data sharing for Dynamics 365 Copilot and Power Platform Copilot AI Features. They facilitate data sharing and saving.

3. Gen AI search: Setting retention period

Consumers may not think much before seeking information using AI, treating it like a search engine to create information and ideas. However, looking for specific types of information utilizing gen AI might be intrusive to a person's privacy, hence there are best practices for using such tools. Hoffman-Andrews recommends setting a short retention period for the generation AI tool. 

And, if possible, erase chats once you've gathered the desired information. Companies still keep server logs, but they can assist lessen the chance of a third party gaining access to your account, he explained. It may also limit the likelihood of sensitive information becoming part of the model training. "It really depends on the privacy settings of the particular site."

Read more »
Windows Hello
AI technology Copilot Cyber Security data security Edge Browser Microsoft Microsoft Copilot Privacy Concerns Windows 11 Recall Windows Hello

Microsoft Revises AI Feature After Privacy Concerns

 

Microsoft is making changes to a controversial feature announced for its new range of AI-powered PCs after it was flagged as a potential "privacy nightmare." The "Recall" feature for Copilot+ was initially introduced as a way to enhance user experience by capturing and storing screenshots of desktop activity. However, following concerns that hackers could misuse this tool and its saved screenshots, Microsoft has decided to make the feature opt-in. 

"We have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards," said Pavan Davuluri, corporate vice president of Windows and Devices, in a blog post on Friday. The company is banking on artificial intelligence (AI) to drive demand for its devices. Executive vice president Yusuf Medhi, during the event's keynote speech, likened the feature to having photographic memory, saying it used AI "to make it possible to access virtually anything you have ever seen on your PC." 

The feature can search through a user's past activity, including files, photos, emails, and browsing history. While many devices offer similar functionalities, Recall's unique aspect was its ability to take screenshots every few seconds and search these too. Microsoft claimed it "built privacy into Recall’s design" from the beginning, allowing users control over what was captured—such as opting out of capturing certain websites or not capturing private browsing on Microsoft’s browser, Edge. Despite these assurances, the company has now adjusted the feature to address privacy concerns. 

Changes will include making Recall an opt-in feature during the PC setup process, meaning it will be turned off by default. Users will also need to use Windows' "Hello" authentication process to enable the tool, ensuring that only authorized individuals can view or search their timeline of saved activity. Additionally, "proof of presence" will be required to access or search through the saved activity in Recall. These updates are set to be implemented before the launch of Copilot+ PCs on June 18. The adjustments aim to provide users with a clearer choice and enhanced control over their data, addressing the potential privacy risks associated with the feature. 

Microsoft's decision to revise the Recall feature underscores the importance of user feedback and the company's commitment to privacy and security. By making Recall opt-in and incorporating robust authentication measures, Microsoft seeks to balance innovation with the protection of user data, ensuring that AI enhancements do not compromise privacy. As AI continues to evolve, these safeguards are crucial in maintaining user trust and mitigating the risks associated with advanced data collection technologies.
Read more »
Vulnerabilities and Exploits
AI image generation Copilot image generation models Microsoft Microsoft Copilot Vulnerabilities and Exploits

Microsoft Employee Raises Alarms Over Copilot Designer and Urges Government Intervention

 

Shane Jones, a principal software engineering manager at Microsoft, has sounded the alarm about the safety of Copilot Designer, a generative AI tool introduced by the company in March 2023. 

His concerns have prompted him to submit a letter to both the US Federal Trade Commission (FTC) and Microsoft's board of directors, calling for an investigation into the text-to-image generator. Jones's apprehension revolves around Copilot Designer's unsettling capacity to generate potentially inappropriate images, spanning themes such as explicit content, violence, underage drinking, and drug use, as well as instances of political bias and conspiracy theories. 

Beyond highlighting these concerns, he has emphasized the critical need to educate the public, especially parents and educators, about the associated risks, particularly in educational settings where the tool may be utilized. Despite Jones's persistent efforts over the past three months to address the issue internally at Microsoft, the company has not taken action to remove Copilot Designer from public use or implement adequate safeguards. His recommendations, including the addition of disclosures and adjustments to the product's rating on the Android app store, were not implemented by the tech giant. 

Microsoft responded to the concerns raised by Jones, assuring its commitment to addressing employee concerns within the framework of company policies. The company expressed appreciation for efforts aimed at enhancing the safety of its technology. However, the situation underscores the internal challenges companies may face in balancing innovation with the responsibility of ensuring their technologies are safe and ethical. 

This incident isn't the first time Jones has spoken out about AI safety concerns. Despite facing pressure from Microsoft's legal team, Jones persisted in voicing his concerns, even extending his efforts to communicate with US senators about the broader risks associated with AI safety. The case of Copilot Designer adds to the ongoing scrutiny of AI technologies in the tech industry. Google recently paused access to its image generation feature on Gemini, its competitor to OpenAI's ChatGPT, after facing complaints about historically inaccurate images involving race. 

DeepMind, Google's AI division, reassured users that the feature would be reinstated after addressing the concerns and ensuring responsible use of the technology. As AI technologies become increasingly integrated into various aspects of our lives, incidents like the one involving Copilot Designer highlight the imperative for vigilant oversight and ethical considerations in AI development and deployment. The intersection of innovation and responsible AI use remains a complex landscape that necessitates collaboration between tech companies, regulatory bodies, and stakeholders to ensure the ethical and safe evolution of AI technologies.
Read more »
Technology
AI Chatbots Bing Chat Chatbot ChatGPT Copilot Microsoft Microsoft Copilot Technology

Bing Chat Rebrands to ‘Copilot’: What is New?


Bing Chat has been renamed as ‘Copilot,’ according to an announcement made during Microsoft Ignite 2023.

But, is the name change the only new thing the users will be introduced with? The answer could be a little ambiguous. 

What is New with Bing Chat (now Copilot)? Honestly, there are no significant changes in Copilot, previously called Bing Chat. “Refinement” might be a more appropriate term to characterize Microsoft's perplexing activities. Let's examine three modifications that Microsoft made to its AI chatbot.

Here, we are listing some of these refinements:

1. A New Home

Copilot, then Bing Chat, now has its own standalone webpage. One can access this webpage at https://copilot.microsoft.com

This means that the user will no longer be required to visit Bing in order to access Microsoft’s AI chat experience. One can simply visit the aforementioned webpage, without Bing Search and other services interfering with your experience. Put differently, it has become much more "ChatGPT-like" now. 

Notably, however, the link seems to only function with desktop versions of Microsoft Edge and Google Chrome. 

2. A Minor Makeover

While Microsoft has made certain visual changes in the rebranded Bing Chat, they are however insignificant. 

This new version has smaller tiles but still has the same prompts: Write, Create, Laugh, Code, Organize, Compare, and Travel.

However, the users can still choose the conversation style, be it Creative, Balanced and Precise. The only big change, as mentioned before, is the new name (Copilot) and the tagline: "Your everyday AI companion." 

Though the theme colour switched from light blue to an off-white, the user interface is largely the same.

Users can access DALLE-3 and GPT-4 for free with Bing Chat, which is now called Copilot. But in order to utilize Copilot on platforms like Word, Excel, PowerPoint, and other widely used productivity tools, users will have to pay a membership fee for what Microsoft refers to as "Copilot for Microsoft 365."

3. Better Security for Enterprise Users

With Copilot, users can access DALLE-3 and GPT-4 for free. But in order to utilize Copilot on platforms like Word, Excel, PowerPoint, and other widely used productivity tools, users will have to pay a membership fee for what Microsoft refers to as "Copilot for Microsoft 365."

This way, users who have had a Bing Chat Enterprise account, or pay for a Microsoft 365 license, will get an additional benefit of more data protection./ Copilot will be officially launched on December 1. 

What Stayed the Same? 

Microsoft plans to gradually add commercial data protection for those who do not pay. However, Copilot currently stores information from your interactions and follows the same data policy as the previous version of Bing Chat for free users. Therefore, the name and domain change is the only difference for casual, non-subscribing Bing Chat users. OpenAI's GPT-4 and DALL-E 3 models are still available, but users need to be careful about sharing too much personal data with the chatbot.

In summary, there is not much to be excited about for free users: Copilot is the new name for Bing Chat, and it has a new home.  

Read more »
Technology
AI Assistant AI Chatbot AI-powered tool Copilot Microsoft Microsoft 365 Microsoft Copilot Technology

Microsoft Copilot: New AI Chatbot can Attend Meetings for Users


A ChatGPT-style AI chatbot, developed by Microsoft will now help online users summarize their Teams meetings by drafting emails, and creating Word documents, spreadsheet graphs, and PowerPoint presentations in very little time. 

Microsoft introduced Copilot – its workplace assistant – earlier this year, labelling the product as a “copilot for work.”

Copilot which will be made available for the users from November 1, will be integrated to the subscribers of Microsoft 365 apps such as Word, Excel, Teams and PowerPoint – with a subscription worth $30 per user/month.

Additionally, as part of the new service, employees at companies who use Microsoft's Copilot could theoretically send their AI helpers to meetings in their place, allowing them to miss or double-book appointments and focus on other tasks.

‘Busywork That Bogs Us Down’

With businesses including General Motors, KPMG, and Goodyear, Microsoft has been testing Copilot, which assists users with tasks like email writing and coding. Early feedback from those companies has revealed that it is used to swiftly respond to emails and inquire about meetings. 

According to Jared Spataro, corporate vice president of modern work and business applications at Microsoft, “[Copilot] combines the power of large language models (LLMs) with your data…to turn your words into the most powerful productivity tool on the planet,” he said in a March blog post. 

Spataro promised that the technology would “lighten the load” for online users, stating that for many white-collar workers, “80% of our time is consumed with busywork that bogs us down.”

For many office workers, this so-called "busywork" includes attending meetings. According to a recent British study, office workers waste 213 hours annually, or 27 full working days, in meetings where the agenda could have been communicated by email.

Companies like Shopify are deliberately putting a stop to pointless meetings. When the e-commerce giant introduced an internal "cost calculator" for staff meetings, it made headlines during the summer. According to corporate leadership, each 30-minute meeting costs the company between $700 and $1,600.

Copilot will now help in reducing this expense. The AI assistant's services include the ability to "follow" meetings and produce a transcript, summary, and notes once they are over.

Microsoft, in July, noted that “the next wave of generative AI for Teams,” which included incorporating Copilot further into Teams calls and meetings.

“You can also ask Copilot to draft notes for you during the call and highlight key points, such as names, dates, numbers, and tasks using natural language commands[…]You can quickly synthesize key information from your chat threads—allowing you to ask specific questions (or use one of the suggested prompts) to help get caught up on the conversation so far, organize key discussion points, and summarize information relevant to you,” the company noted.

In regard to the same, Spataro states that “Every meeting is a productive meeting with Copilot in Teams[…]It can summarize key discussion points—including who said what and where people are aligned and where they disagree—and suggest action items, all in real-time during a meeting.

However, Microsoft is not the only tech giant working on making meeting tolerant, as Zoom and Google have also introduced AI-powered chatbots for the online workforce that can attend meetings on behalf of the user, and present its conclusions during the get-together.  

Read more »
Subscribe to: Comments (Atom)