← back NO. #d2b55334

NO.: #d2b55334
Topic: OTHER
Source: Simon Willison
Published: 2026-05-26 15:36:48
Importance: ★ 5/10 — radar 50
Original: simonwillison.net/2026/May/26/copilot-cowork-exfiltrates-files/#atom-everything

`Microsoft Copilot Cowork` File Exfiltration via Prompt Injection

Agent-written email became a data leak path. External images plus OneDrive pre-auth links make approval gates non-optional for file-capable agents.

[ KEY POINTS ]

Copilot Cowork could email the user's own inbox without approval, creating an indirect outbound channel for compromised agents.
Rendered external images can trigger attacker-controlled network requests. That turns normal email viewing into data exfiltration.
OneDrive pre-authenticated download links raise the blast radius: leaking a link can expose the file without another login step.
Any agent with file access, messaging, and web-rendered content needs explicit approvals and blocked remote fetches by default.

Originalsimonwillison.net/2026/May/26/copilot-cowork-exfiltrates-files/#atom-everythingRead original →

// related

#0001
#0001Other Simon Willison5 hours ago
AI-assisted security reports are overwhelming `curl` maintainers
40radar
AI is raising both the volume and quality of security reports. The bottleneck shifts from finding bugs to triaging them, a real maintenance cost for any public project.
- Incoming curl security reports are 4-5x higher than 2024 and now average more than one per day.
- Report quality is higher: detailed, credible submissions reduce noise but raise review workload sharply.
- Recent curl vulnerabilities are still LOW or MEDIUM; better discovery does not automatically mean severe risk.
- Public libraries and APIs need a triage path before opening the floodgate to AI-generated reports.
Source: simonwillison.net/2026/May/26/the-pressure/#atom-everythRead original →
40radar
PHOTO
FIG-0011:1
#0002
#0002Other Simon Willison2 days ago
`Datasette` `1.0a30` adds an extensible Jump menu
40radar
DatasetteOpen-source data publishing tool — exposes SQLite via web UI
Press / to search databases, tables, and debug targets from one menu. Plugin-added entries make small data tools quicker to navigate.
- The new Jump to... menu opens with / and filters databases, tables, and debug options as you type.
- Plugins can add searchable entries through jump_items_sql(), so custom admin or data views can plug into the same launcher.
- This is an alpha release, so it is best for testing navigation patterns before adopting it in production dashboards.
Source: simonwillison.net/2026/May/24/datasette/#atom-everythingRead original →
40radar
PHOTO
FIG-0021:1
#0003
#0003Other GeekNews2 days ago
Memory Now Takes Nearly Two-Thirds of AI Chip Component Cost
40radar
AI accelerator economics are shifting from logic toward memory supply. HBM is becoming the cost anchor, so cheaper inference will depend as much on memory capacity as model-side optimization.
- HBM rose from 52% of weighted average component cost in Q1 2024 to 63% in Q4 2025 across Nvidia, AMD, Google, and Amazon AI chips.
- Logic die share stayed near 13%, so the cost pressure is not coming from compute silicon itself.
- Advanced packaging fell from 19% to 15%, and auxiliary parts from 15% to 9%; memory is absorbing the budget share.
- Cloud GPU and API pricing will remain sensitive to memory supply. Smaller models and cache-efficient inference keep gaining leverage.
Source: news.hada.io/topic?id=29837Read original →
FIG-0031:1
40radar
FIG-0031:1

`Microsoft Copilot Cowork` File Exfiltration via Prompt Injection

// related

AI-assisted security reports are overwhelming `curl` maintainers

`Datasette` `1.0a30` adds an extensible Jump menu

Memory Now Takes Nearly Two-Thirds of AI Chip Component Cost