Microsoft has issued important and comprehensive security updates to its intelligent assistant, Microsoft 365 Copilot, with the aim of enabling users and companies to better control the data and files that artificial intelligence can access during the process of analyzing information.
This action comes after the company received several reports indicating that the smart assistant is including confidential and sensitive information, stored on local devices, in the reports and summaries it creates for employees. The new protection features will be activated as default settings during the coming period, preventing artificial intelligence from reading and analyzing files that the user does not have clear permissions to share.
Protection policies:
According to the Help Net Security website, which specializes in the field of cybersecurity, this response from Microsoft is considered necessary to address vulnerabilities related to data loss (DLP). The site explained that protection policies were previously effectively applied to cloud files found in the “OneDrive” and “SharePoint” services, but they did not include files saved locally on users’ personal computers, which represented a weakness that allowed artificial intelligence to unintentionally extract and incorporate sensitive information into its responses to users.
The background to this problem lies in the significant challenges that companies face when adopting artificial intelligence technologies integrated into their daily work environments. As organizations seek to leverage the potential of artificial intelligence to enhance productivity and automate tasks, new risks are emerging related to privacy and internal data security. This step by Microsoft is part of broader efforts in the technology sector to develop secure frameworks from the beginning (Secure-by-Design), ensuring that advanced artificial intelligence tools do not conflict with policies for protecting corporate secrets and legal obligations related to information security.
Filling local access gaps:
This update addresses a previous deficiency that allowed AI to access sensitive, unprotected data stored on personal devices. This step reflects the necessity of providing smart tools capable of assisting employees without compromising security standards and company privacy policies. (seventh day)
