Reposted by JJ
Your weekly reminder not to build LLM systems that combine access to private data with exposure to untrusted tokens and exfiltration vectors (the "lethal trifecta"). This time it was Microsoft 365 Copilot (now patched, they closed the exfiltration holes) simonwillison.net/2025/Jun/11/...
Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot
Aim Labs reported CVE-2025-32711 against Microsoft 365 Copilot back in January, and the fix is now rolled out. This is an extended variant of the prompt injection exfiltration attacks we've …
simonwillison.net
June 11, 2025 at 11:09 PM
Your weekly reminder not to build LLM systems that combine access to private data with exposure to untrusted tokens and exfiltration vectors (the "lethal trifecta"). This time it was Microsoft 365 Copilot (now patched, they closed the exfiltration holes) simonwillison.net/2025/Jun/11/...
@antonbabenko.com weekly.tf #214 is a banger! Three pointers of direct relevance, and others of great interest. Well done! 👏 And thank you! 🙏 #terraform
Terraform Weekly
A weekly newsletter about Terraform ecosystem (posts, tools, tips&tricks, open-source) with humble opinions by Anton Babenko.
weekly.tf
February 26, 2025 at 4:21 PM
@antonbabenko.com weekly.tf #214 is a banger! Three pointers of direct relevance, and others of great interest. Well done! 👏 And thank you! 🙏 #terraform