by degamad
27 days ago
> Only if it has access to exfiltrate data. Or if it has access to a tool call which allows it to exfiltrate data. In the example identified, the AI agent never accesses the exfiltration URL. The agent sends an innocuous-looking message to a user via a Teams message. MS Teams previews the link, accessing the exfiltration URL.