Content Security Policy
Type: mitigation
Description: A defense mechanism that helps protect against web browsing tools and markdown rendering for data exfiltration. When a user asks the AI system to access a URL, it will only access it if the URL is from a limited set of trusted domains.
Version: 0.1.0
Created At: 2024-10-03 22:24:49 +0300
Last Modified At: 2024-10-03 22:24:49 +0300
External References
- Bing Chat: Data Exfiltration Exploit Explained, Embrace The Red
Related Objects
- --> Microsoft Copilot (platform): Microsoft Copilot can render URLs and links if they fall under these trusted domains:
th.bing.com
www.bing.com
edgeservices.bing.com
r.bing.com
- <-- Image Rendering (technique): Setting a Content Security Policy can mitigate this technique by disrupting an attacker's ability to provide a URL to a domain under their control.
- <-- Clickable Link Rendering (technique): Setting a Content Security Policy can mitigate this technique by disrupting an attacker's ability to provide a URL to a domain under their control.