This is a post with all of the links and additional materials for a talk at RSAC 2025 titled Your Copilot Is My Insider.

Abstract:

This session will look at how Copilots can be used as novel attack vectors to compromise user accounts for initial access and exploitation. Will demo how to subvert a Copilot into a malicious insider without access, controlling its actions and outputs and use this remote control to make Copilot spear phish, resulting in a user making badly informed decisions. All without compromising an account.

Resources

Reply

Avatar

or to participate

Keep Reading