https://community.isc2.org/t5/Threats/Microsoft-CoPilot-Rooted-Never-say-Never-with-AI/m-p/82880#M1694 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>&nbsp;wrote:<P>&nbsp;</P><P>A critical security vulnerability has been discovered in Microsoft [snip] What began as a feature enhancement turned into a playground for exploitation.</P><P>&nbsp;</P><HR /></BLOCKQUOTE><P>How often could that have been written over the past decades? Thanks for the link to cybersecuritynews.com - great writeup. The issue here seems to have been the rush to market. I fear the AI bubble is being pumped bigger than anything we've seen in the past. That's not a good formula for security or market stability.&nbsp;</P> Wed, 06 Aug 2025 10:58:58 GMT JoePete 2025-08-06T10:58:58Z https://community.isc2.org/t5/Threats/Microsoft-CoPilot-Rooted-Never-say-Never-with-AI/m-p/82636#M1690 <P>Hi All</P><P>&nbsp;</P><P>Well we suspected it would happen, what with another larger than life individual stating AI should be renamed Genius Intelligence.&nbsp; It will not be the last we hear of such incidents going forward.</P><P>&nbsp;</P><P>A critical security vulnerability has been discovered in Microsoft Copilot Enterprise, allowing unauthorized users to gain root access to its backend container.</P><P>This vulnerability poses a significant risk, potentially allowing malicious users to manipulate system settings, access sensitive data, and compromise the application’s integrity.</P><P>The issue originated from an April 2025 update that introduced a live Python sandbox powered by Jupyter Notebook, designed to execute code seamlessly. What began as a feature enhancement turned into a playground for exploitation, highlighting risks in AI-integrated systems.</P><P>&nbsp;</P><P>The full details are shown here:</P><P>&nbsp;</P><P><A href="https://cybersecuritynews.com/microsoft-copilot-rooted/" target="_blank">https://cybersecuritynews.com/microsoft-copilot-rooted/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 28 Jul 2025 22:02:17 GMT https://community.isc2.org/t5/Threats/Microsoft-CoPilot-Rooted-Never-say-Never-with-AI/m-p/82636#M1690 Caute_cautim 2025-07-28T22:02:17Z https://community.isc2.org/t5/Threats/Microsoft-CoPilot-Rooted-Never-say-Never-with-AI/m-p/82880#M1694 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>&nbsp;wrote:<P>&nbsp;</P><P>A critical security vulnerability has been discovered in Microsoft [snip] What began as a feature enhancement turned into a playground for exploitation.</P><P>&nbsp;</P><HR /></BLOCKQUOTE><P>How often could that have been written over the past decades? Thanks for the link to cybersecuritynews.com - great writeup. The issue here seems to have been the rush to market. I fear the AI bubble is being pumped bigger than anything we've seen in the past. That's not a good formula for security or market stability.&nbsp;</P> Wed, 06 Aug 2025 10:58:58 GMT https://community.isc2.org/t5/Threats/Microsoft-CoPilot-Rooted-Never-say-Never-with-AI/m-p/82880#M1694 JoePete 2025-08-06T10:58:58Z