Index-Based Browsing
Type: mitigation
Description: A defense mechanism that helps protect against use of web browser tools data exfiltration and initial access. When a user asks the AI system to access a URL, it will ask a web search and have access only to information that the index provides. The URL will is not accessed by the AI System at all.
Version: 0.1.0
Created At: 2024-10-03 22:24:49 +0300
Last Modified At: 2024-10-03 22:24:49 +0300
External References
- Data, privacy, and security for web queries in Microsoft 365 Copilot and Microsoft Copilot, Microsoft
Related Objects
- --> Microsoft Copilot for M365 (platform): Microsoft Copilot for M365 cannot browse websites. Instead, its web browsing tool has access to the data available on Bing's index for the relevant website page.
- <-- Web Request Triggering (technique): Limiting an AI System to query a search index rather than perform a URL retrieval Setting a Content Security Policy can mitigate this technique by disrupting an attacker's ability to provide a URL to a domain under their control.