Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This isn’t an example of escalation. Copilot is using the user’s token similar to any other OAuth app that needs to act on behalf of the user.


If that is true, then how did it not get logged? The audit should not be under the control of the program making the access.


You're conflating two issues. The Purview search used to get the bad result wasn't clear, so unsure what system is doing the logging.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: