(Mis)adventures with Copilot+: Attacking and Exploiting Windows NPU Drivers
Black Hat Asia 2025 · Day 2 · Briefings
The advent of **Copilot+ PCs** marks a significant shift in Windows computing, deeply integrating Artificial Intelligence capabilities directly into the operating system. This talk, "(Mis)adventures with Copilot+: Attacking and Exploiting Windows NPU Drivers," presented by a graduate student from UN Surirk University of Applied Science and their supervisor Gangur, delves into the security implications of this new paradigm. The core focus is on the **Neural Processing Unit (NPU)** drivers, which are the backbone of Copilot+ features like local AI model execution, live translation, and the controversial Recall functionality.
AI review
This talk dissects the nascent security landscape of Windows Copilot+ NPU drivers, exposing critical kernel vulnerabilities in Qualcomm Snapdragon and AMD Ryzen hardware. The research unearths a disturbing trend: NPU drivers are inheriting a decade's worth of architectural flaws from their GPU predecessors, a clear failure by vendors and Microsoft to learn from history. The speakers don't just point fingers; they deliver a detailed technical deep-dive into two distinct kernel-mode exploits, culminating in a novel arbitrary increment primitive that bypasses Windows 24H2 mitigations for…