Index-Based Browsing

Type: mitigation

Description: A defense mechanism that helps protect against use of web browser tools data exfiltration and initial access. When a user asks the AI system to access a URL, it will ask a web search and have access only to information that the index provides. The URL will is not accessed by the AI System at all.

Version: 0.1.0

Created At: 2024-10-03 22:24:49 +0300

Last Modified At: 2024-10-03 22:24:49 +0300


External References

  • --> Microsoft Copilot for M365 (platform): Microsoft Copilot for M365 cannot browse websites. Instead, its web browsing tool has access to the data available on Bing's index for the relevant website page.
  • <-- Web Request Triggering (technique): Limiting an AI System to query a search index rather than perform a URL retrieval Setting a Content Security Policy can mitigate this technique by disrupting an attacker's ability to provide a URL to a domain under their control.