Mind the Data Voids: Hijacking Copilot Trust

Tobias Diehl

DEF CON 33 · Day 2 · Main Stage

Microsoft Copilot integrates the Bing search engine as a live retrieval backend — when users ask about topics not covered by Copilot's training data, it fetches current information from Bing and uses

AI review

Copilot data void exploitation for C2 delivery — Bing indexes attacker content, Copilot presents it with Microsoft authority, implant reads instructions from the synthesized response, zero direct attacker connections required.
