Never considered it before until now.

Abuse Microsoft AI copilot to "live off the land" and perform automated malicious tasks by simply instructing the AI agent to do the dirty work.

Tweak the provided Microsoft example to be malicious. pic.twitter.com/XN648ZKp2f

— vx-underground (@vxunderground) August 18, 2025

Microsoft isn’t disclosing this so: M365 Copilot allowed users to access files without producing an audit log. All you had to do was ask Copilot to not link to the file. You don’t even have to ask; it sometimes just happens. If your org uses Copilot your audit log is likely wrong https://t.co/EvoPQGC0wB

— Zack Korman (@ZackKorman) August 19, 2025

IRA’s Stormont spy ring material included map detailing Castle Buildings zones, passwords and security info https://t.co/Hb11JXcoPn

— Dr. Dan Lomas (@Sandbagger_01) August 19, 2025

This is an interesting case study because it concretely shows that you have to go further than allowlisting known/trusted executables, they also need runtime memory integrity protection/guarantees:https://t.co/xIRIkUNTzL

Ideally, page-level integrity like iOS in your vm impl.

— Dino A. Dai Zovi (@dinodaizovi) August 19, 2025

As it turns out, @orange_8361 and I have more in common than I had thought! If you love old school PHP quirks and CTF tricks I recommend you read our articles:https://t.co/oFro6bACfihttps://t.co/6Y9yMUlilj

— ϻг_ϻε (@steventseeley) August 19, 2025