Content Security Policy

Type: mitigation

Description: A defense mechanism that helps protect against web browsing tools and markdown rendering for data exfiltration. When a user asks the AI system to access a URL, it will only access it if the URL is from a limited set of trusted domains.

Version: 0.1.0

Created At: 2024-10-03 22:24:49 +0300

Last Modified At: 2024-10-03 22:24:49 +0300


External References

  • --> Microsoft Copilot (platform): Microsoft Copilot can render URLs and links if they fall under these trusted domains:
th.bing.com
www.bing.com
edgeservices.bing.com
r.bing.com
  • <-- Image Rendering (technique): Setting a Content Security Policy can mitigate this technique by disrupting an attacker's ability to provide a URL to a domain under their control.
  • <-- Clickable Link Rendering (technique): Setting a Content Security Policy can mitigate this technique by disrupting an attacker's ability to provide a URL to a domain under their control.