LLM deployment flaws that catch IT by surprise

LLMs that see too much

One massive flaw in today’s LLM systems — which Microsoft acknowledged on March 6 when it introduced a new SharePoint feature for use with its Copilot LLM — is the ability to access a wide range of SharePoint files that are not intended to be shared. 

With Copilot, “when you enable access for a user, it replicates the access that they have. It can then access anything that they have access to, whether they know it or not,” said Nick Mullen, the IT governance manager for a Fortune 500 insurance company.

“The SharePoint repository runs in the background, but it also has access to anything that is public in your entire ecosystem. A lot of these sites are public by default,” said Mullen, who also runs his own security company called Sanguine Security.

Available in public preview, the new feature is called Restricted SharePoint Search. Microsoft says the feature “allows you to restrict both organization-wide search and Copilot experiences to a curated set of SharePoint sites of your choice.”

The current default option is for public access. According to Microsoft’s support documentation, “Before the organization uses Restricted SharePoint Search, Alex [a hypothetical user] can see not only his own personal contents, like his OneDrive files, chats, emails, contents that he owns or visited, but also content from some sites that haven’t undergone access permission review or Access Control Lists (ACL) hygiene, and doesn’t have data governance applied.” Because Alex has access to sensitive information (even if he’s not aware of it), so does Copilot.

The same problem applies to any corporate data storage environment. IT must thoroughly audit users’ data access privileges and lock down sensitive data before allowing them to run queries with an LLM.
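
An added example (not from the article or from Microsoft) of the audit described above: a simplified Python model over a constructed site inventory that reports which sensitive sites an assistant could read on a user's behalf through tenant-wide grants, and how limiting it to a curated list of reviewed sites changes that. The site paths, group names, principal names and the `sensitive` and `acl_reviewed` fields are assumptions, and the model does not reproduce Restricted SharePoint Search's exact behaviour.

```python
"""Audit sketch: which sensitive sites can an assistant reach on a user's behalf?"""

# Principals that effectively make a site public inside the tenant (assumed names).
BROAD_PRINCIPALS = {"Everyone", "Everyone except external users"}

# Constructed inventory: site -> principals granted read access, plus review metadata.
SITES = {
    "/sites/hr-payroll":   {"acl": {"Everyone except external users", "hr-team"},
                            "sensitive": True,  "acl_reviewed": False},
    "/sites/claims-legal": {"acl": {"legal-team"},
                            "sensitive": True,  "acl_reviewed": True},
    "/sites/handbook":     {"acl": {"Everyone"},
                            "sensitive": False, "acl_reviewed": True},
    "/sites/old-project":  {"acl": {"Everyone except external users"},
                            "sensitive": False, "acl_reviewed": False},
}

# Constructed directory data: user -> group memberships.
USERS = {"alex": {"sales-team"}, "dana": {"legal-team", "hr-team"}}


def reachable_sites(user, allowed_list=None):
    """Sites an assistant acting as `user` can read; optionally limited to a curated list."""
    principals = USERS[user] | BROAD_PRINCIPALS  # every internal user matches broad grants
    sites = {s for s, meta in SITES.items() if meta["acl"] & principals}
    return sites if allowed_list is None else sites & set(allowed_list)


def unintended_exposure(user, allowed_list=None):
    """Sensitive sites reachable only through a broad grant, not through the user's groups."""
    return sorted(
        s for s in reachable_sites(user, allowed_list)
        if SITES[s]["sensitive"] and not (SITES[s]["acl"] & USERS[user])
    )


def curated_allowed_list():
    """Candidate curated list: ACL-reviewed sites with no sensitive content behind a broad grant."""
    return sorted(
        s for s, meta in SITES.items()
        if meta["acl_reviewed"] and not (meta["sensitive"] and meta["acl"] & BROAD_PRINCIPALS)
    )


if __name__ == "__main__":
    allowed = curated_allowed_list()
    for user in USERS:
        print(user, "before:", unintended_exposure(user), "after:", unintended_exposure(user, allowed))
    print("curated list:", allowed)
```

In a real tenant the inventory would come from an export of site permissions and sensitivity labels; the sites flagged by `unintended_exposure` are the ones to lock down before the assistant is enabled.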
