Piloting Edge Copilot
DAY 1
10:00-
10:40
The integration of AI features into web browsers are useful for users, but how about for attackers?
In this talk, I will explain the security implications of integrating the AI-powered Edge Copilot into the Microsoft Edge browser, by showcasing multiple vulnerabilities I discovered. Such as stealing content of any site, accessing microphone and camera permissions without user’s permission, and so on.
This talk also highlights the interesting integration of a relatively secure system (Edge) with an insecure system (Bing), and how a mitigation enforced by a secure system can be circumvented using an insecure system. Additionally, I will demonstrate how LLM-specific exfiltration techniques can be employed to bypass traditional security mitigations.
-
Location :
-
Track 1(HALL B)
-
-
Category :
-
Technical
-
-
Share :
Speakers
-
Jun Kokatsu
小勝 純
Browser and Web security engineer/researcher. Thought leader without a follower :D
Currently working on Web and LLM security at Google. Former founding member of Chromium Edge Security team at Microsoft.