Mind the Data Voids: Hijacking Copilot Trust to Deliver C2 Instructions with Microsoft Authority

Presented at DEF CON 33 (2025), Aug. 10, 2025, 10 a.m. (20 minutes).

In this session, Tobias Diehl will demonstrate a critical vulnerability in Microsoft's Copilot AI, exposing how data voids can be hijacked to manipulate AI-generated responses. By exploiting Copilot's reliance on limited data sources, Tobias will show how attackers can inject persistent malicious content, associate it with legitimate Microsoft topics, and how the AI fails to validate key terms. The presentation will cover the mechanics of key term association attacks, data void exploitation, and their real-world implications, including the risk of Copilot delivering dangerous installation instructions for command-and-control (C2) beacons used for initial access. Using a proof-of-concept from Microsoft's Zero Day Quest event, attendees will see how the hijacking process works in practice, how threat actors can target enterprise users, and how AI systems can be tricked into guiding users toward compromised actions.

References:

  • [link](https://datasociety.net/wp-content/uploads/2019/11/Data-Voids-2.0-Final.pdf) (released by Microsoft's Bing Team)
  • [link](https://www.lasso.security/blog/lasso-major-vulnerability-in-microsoft-copilot) (research by related security researchers)

Presenters:

  • Tobias "ItsSixtyNein" Diehl
    Tobias Diehl is a security researcher and offensive security engineer with a background spanning red team operations, penetration testing, cloud security, and adversarial AI research. Over the past decade, he has worked across both private and public sectors, supporting enterprise defense teams and developing offensive tooling used to uncover high-impact vulnerabilities in modern systems. He is recognized as a Microsoft Most Valuable Researcher (MVR) for his continued contributions to vulnerability discovery and responsible disclosure across Microsoft platforms.
