Hacker News

This isn’t an example of escalation. Copilot is using the user’s token similar to any other OAuth app that needs to act on behalf of the user.




If that is true, then how did it not get logged? The audit should not be under the control of the program making the access.

You're conflating two issues. The Purview search used to get the bad result wasn't clear, so unsure what system is doing the logging.


