Security News > 2024 > August > Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service
Cybersecurity researchers have discovered two security flaws in Microsoft's Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data.
The critical issues, now patched by Microsoft, could have allowed access to cross-tenant resources within the service, Tenable said in a new report shared with The Hacker News.
The Azure AI Health Bot Service is a cloud platform that enables developers in healthcare organizations to build and deploy AI-powered virtual health assistants and create copilots to manage administrative workloads and engage with their patients.
This includes bots created by insurance service providers to allow customers to look up the status of a claim and ask questions about benefits and services, as well as bots managed by healthcare entities to help patients find appropriate care or look up nearby doctors.
Tenable's research specifically focuses on one aspect of the Azure AI Health Bot Service called Data Connections, which, as the name implies, offers a mechanism for integrating data from external sources, be it third parties or the service providers' own API endpoints.
"In particular, the vulnerabilities involved a flaw in the underlying architecture of the chatbot service, highlighting the importance of traditional web app and cloud security in the age of AI chatbots."
News URL
https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in_0471960302.html
Related news
- US disrupts AI-powered bot farm pushing Russian propaganda on X (source)
- FBI, cyber-cops zap ~1K Russian AI disinfo Twitter bots (source)
- U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation (source)
- SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks (source)
- Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems (source)