Microsoft’s plan to turn websites into AI apps has already hit a road bump in the form of an embarrassing security flaw.
Natural Language Web (NLWeb), which Microsoft announced back in May at its annual Build developer conference, was supposed to make websites queryable in natural language, much as a user interacts with AI chatbots such as Copilot or ChatGPT. Microsoft described the project as something like HTML for the agentic web.
However, researchers have now found a flaw in the NLWeb project that could let any remote user read sensitive files from the server, such as system configuration files or even the API keys a deployment uses to call large language models (LLMs) like GPT-4.
Researchers Aonan Guan and Lei Wang found the flaw and reported it to Microsoft back in May. On August 6, Guan published a blog post detailing how they found it. Guan is a senior cloud security engineer at smart home tech company Wyze, though the research was conducted independently.
The flaw, embarrassingly, is a common path traversal issue. Path traversal flaws let an attacker read files the application never meant to expose by manipulating a user-controlled portion of a file path, typically by inserting `../` sequences so the path climbs out of the directory the server intended to serve from. In other words, it is easy to exploit: an attack can be as simple as a crafted URL that returns a sensitive file. Coupled with Microsoft already deploying NLWeb to major customers like Canada’s Shopify, Eventbrite and TripAdvisor, it’s quite an embarrassing mistake for Microsoft.
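To show the general shape of the bug described above, here is an added example that is not NLWeb’s code and makes no claim about how the NLWeb handler is written: a naive file-serving function that joins a user-supplied path onto a static directory, beside a hardened version that resolves the path and refuses anything outside that directory. The file layout, file names and the fake key value are constructed for the demonstration. The example goes slightly beyond the article’s `../` case by also covering URL-encoded traversal (`%2e%2e/`) and absolute-path injection, both of which the same containment check catches.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Constructed sandbox: a "static" directory the app intends to serve from,
# and a secrets file one level above it that it never meant to expose.
ROOT = Path(tempfile.mkdtemp())
STATIC = ROOT / "static"
STATIC.mkdir()
(STATIC / "index.html").write_text("<h1>hello</h1>")
# Made-up value; it only exists to show what a traversal would leak.
(ROOT / ".env").write_text("OPENAI_API_KEY=sk-constructed-example\n")


def vulnerable_read(requested: str) -> str:
    """Naive handler: decode the request and join it onto the static root.

    os.path.join never re-checks where the result ends up, so '../.env'
    walks out of STATIC, and an absolute path like '/etc/hostname' discards
    STATIC entirely.
    """
    path = os.path.join(STATIC, unquote(requested))
    with open(path) as fh:
        return fh.read()


def safe_read(requested: str) -> str:
    """Hardened handler: decode, resolve (follows symlinks and collapses
    '..'), then require the final path to sit strictly inside STATIC."""
    base = STATIC.resolve()
    candidate = (base / unquote(requested)).resolve()
    # The check runs on the fully resolved path, after decoding, so encoded
    # dots, absolute paths and symlinks pointing outside are all rejected.
    if base not in candidate.parents:
        raise PermissionError(f"path traversal rejected: {requested!r}")
    return candidate.read_text()


def traversal_blocked(requested: str) -> bool:
    """True if the hardened handler refuses the request before opening it."""
    try:
        safe_read(requested)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    # Legitimate request works on both handlers.
    print(vulnerable_read("index.html"))
    print(safe_read("index.html"))
    # The naive handler leaks the secret file; the hardened one refuses.
    print(vulnerable_read("../.env"))
    print(traversal_blocked("../.env"))
    print(traversal_blocked("%2e%2e/.env"))
    print(traversal_blocked("/etc/hostname"))
```

The two points worth keeping from the hardened version are the order of operations (decode first, resolve second, check last, so nothing the check approves can change afterwards) and that the check compares against the resolved base rather than a string prefix, which is what stops `../`, encoded variants and absolute paths alike.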
The Redmond, Washington-based tech giant fixed the flaw on July 1st, but hasn’t issued a Common Vulnerabilities and Exposures (CVE) identifier, the industry-standard way of publicly tracking security flaws like this so that affected users can find and act on them.
Microsoft told The Verge that it updated the open-source repository for NLWeb with the fix and that customers who use it “are automatically protected.” But Guan notes that NLWeb users must pull the new build version to eliminate the flaw.
Guan also argued that the flaw allowing access to LLM API keys is “catastrophic,” as an attacker is effectively able to steal an AI agent’s “ability to think, reason, and act,” which could lead to massive financial loss or the creation of a malicious clone.
Source: Aonan Guan (Medium) Via: The Verge
