Security researchers uncover new ChatGPT vulnerabilities that expose user data, Microsoft prepares “Agentic Users” with full M365 access, and the EU considers loosening GDPR rules around cookies and AI training. Today’s briefing breaks down the risks, policy shifts, and emerging challenges enterprises must prepare for as AI becomes deeply embedded in daily operations.
Register Now
Hello and welcome to your 2-Minute Tech Briefing from Computerworld. I'm your host, Arnold Davick, reporting from the floor of the New York Stock Exchange. Here are the top IT news stories you need to know for Wednesday, November 19th. Let's dive in!
First up, from CSO Online, security researchers at Tenable have uncovered seven new methods attackers can use to extract private data from chat GPT, including sensitive information stored in users chat histories.
The exploits rely on indirect prompt injections that take advantage of default chat GPT features such as long term memory and built in web search. Researchers warn the vulnerabilities could allow attackers to compromise users simply by asking chat GPT an innocent looking question.
The flaws are present in the latest GPT five model. They are described as a new frontier in AI exploitation. And from ComputerWorld, Microsoft is preparing a major shift in how AI shows up inside the workplace. Later this month, the company will introduce agent tech users.
These are autonomous AI agents that function like real employees inside Microsoft 365 They will have their own email and teams accounts, as well as the ability to attend meetings and edit documents.
Each agent will also require its own M365 license, raising new questions about costs and consumption based billing. Microsoft says the rollout will begin globally on desktop systems later in November.
And finally, from Computerworld, the European Commission is preparing major revisions to the GDPR, changes that privacy groups warn could weaken the EU strongest digital protections. A leaked draft of the upcoming digital omnibus package would end the requirement for websites to obtain explicit consent before setting tracking cookies.
It also would explicitly allow companies to train AI models on personal data under legitimate interest justifications. Privacy advocates say the proposal could open the door to broader data harvesting. Meanwhile, the Commission argues it will simplify compliance and foster innovation.
That's today's 2-Minute Tech Briefing for more enterprise tech news, visit Computerworld and CSO online, and don't forget to like and subscribe to TechTalk YouTube channel.