
Comment by jakedata

3 days ago

We are doing a Gemini POC and this nugget dropped in my lap today. We were not entirely unprepared as a result. The default level of access is just the interactive chatbot thing. However, if you enable the Google Workspace extension, it will be able to search and process all the information stored in your Workspace account and also any Google Drive files that are shared with you. This includes stuff you didn't know you had access to in Shared Drives, so folks better make sure their permissions are locked down. Workspace admins might be advised to turn it off at the org level until they understand the ramifications.

Reminds me of an entertaining story about Microsoft Copilot last year, where companies were turning it off because it turned out it was TOO good at its job - if any accountant anywhere in the company had messed up their SharePoint permissions, asking "what does everyone at this company earn?" would spit out all of the salaries: https://simonwillison.net/2024/Aug/23/microsoft-copilot-data...

  • That of course allows for a new internal seditious attack vector. Generate a handful of spreadsheets in your own folder, name it something like "executive payroll data" or "sales revenue by org," put whatever you want in there, mark it visible by all, and wait.

    Maybe make an "Interesting Facts About Products" table and put things like "Management plans to terminate this product in Q3" or "this group will be outsourced next year."

    • You have to change the font colour of the trojan data to be the same as the background colour of the doc!

      Then add some corporate lorem ipsum text elsewhere in the doc to throw the scent off the data bloodhounds.

      Sit back and wait with an evil grin on your face.

  • It wouldn't need to be a permissions error on the file caused by the accountant, it could be an authorisation error on behalf of <whoever gives the LLM access to the various systems> providing too high a level of access (in their enthusiasm for the biggest possible set of training data).

  • This was just posed as a hypothetical, not something that actually happened. It would also require that the person asking about salary information already have access to said data.

    Full quote:

    > "Particularly around bigger companies that have complex permissions around their SharePoint or their Office 365 or things like that, where the Copilots are basically aggressively summarizing information that maybe people technically have access to but shouldn't have access to," he explained.

    Berkowitz said salary information, for example, might be picked up by a Copilot service.

    "Now, maybe if you set up a totally clean Microsoft environment from day one, that would be alleviated," he told us. "But nobody has that. People have implemented these systems over time, particularly really big companies. And you get these conflicting authorizations or conflicting access to data."