Researchers discover how attackers can trick AI memory systems into storing lies, compromising Microsoft 365 security.
Security researchers have uncovered a troubling weakness in how artificial intelligence assistants remember information. The vulnerability, demonstrated in an attack framework called Forg365, shows that hackers can send a single email to trick an AI system into storing false information about a user—and then quietly use those fabricated "facts" to mislead the person in future conversations.
Think of it like this: imagine if someone could slip a forged document into your personal file cabinet, and from that point forward, your trusted advisor would reference that fake document as if it were genuine truth. That's essentially what's happening here, but with digital systems and artificial intelligence.
The attack works by exploiting two specific weaknesses in Microsoft 365 environments. First, attackers use a technique called "device code" authentication to gain access without needing a password. Second, they employ what security experts call "AitM" (Attacker-in-the-Middle) tactics to intercept and manipulate sessions between the user and their cloud services. Once inside, they can inject false information into the AI assistant's memory system.
This represents a fundamentally different type of cybersecurity threat. Traditionally, hackers steal data or lock systems. This attack is more insidious—it corrupts trust itself. If an AI assistant's memory cannot be relied upon, then the assistant becomes unreliable. Users might take actions based on information they believe is accurate but is actually poisoned by an attacker.
The attacker doesn't need to be obvious about it either. They can hide the changes so the user never realizes their AI has been compromised. This creates a situation where misinformation spreads gradually and naturally through normal conversation, making it harder to detect.
If you use Microsoft 365 and rely on AI assistants for work decisions, scheduling, or important communications, this matters to you directly. Your organization's security is only as strong as the weakest link, and your AI tools are increasingly part of your critical infrastructure.
The broader concern is that as companies integrate AI deeper into their operations, these systems become targets. Attackers will always find the easiest path in, and compromised AI memory is both subtle and powerful.
This discovery reminds us that the future of cybersecurity lies not just in protecting data, but in protecting the trustworthiness of the intelligent systems we increasingly depend on.
Want to understand the technology behind this story? ITVedas has beginner-friendly guides on every IT topic.
Explore IT Chapters →