When a new technology is introduced, it is introduced with big excitement.  The potential benefits are great, there’s lots of pundits writing articles, Techies vying for ‘expert’ status, Businesses jumping on the bandwagon.

Companies are racing to produce viable exciting products first.

In this pressure, I think safety and security are sometimes de-prioritized in favour of delivery of features.

Even in Medical devices, where one would think safety and security should be most critical.

Example:  the Bluetooth-enabled Heart Pacemaker, which was introduced in 2009.  It was a great invention, but with no security.   No encryption of data, and Hackers could gain control of the pacemaker, altering its settings or even disabling it, which could have life-threatening consequences.

Now with A.I. 

Microsoft produced an amazing AI system, but in what’s probably the smallest, easiest part of their AI system, they forgot all the hard-learned lessons of lack of security from its other products ( Windows, Excel, Word, Office, Internet Explorer).

Maybe the only way to protect the Co-Pilot plug-in eco-system would be to control it like Apple does its app store.

There is a way for companies rolling out Co-Pilot in a Microsoft environment, MS Entra, MS Defender, MS InTune, to limit the plug-ins to a vetted list of approved plug-ins.

Here’s the article I read where I first read about this Copilot hack:

Researchers Demonstrate How Hackers Can Exploit Microsoft Copilot