The Privacy and Security Risks of Microsoft Copilot

Lawyer and YouTuber Leonard French does an excellent job here of walking through the privacy and security risks of Microsoft Copilot being turned on by default in Microsoft 365 applications.

Microsoft has largely dismissed security concerns by claiming that a) it doesn’t use the content of users’ documents to train its AI models and b) it only acts on documents that the user has explicit authorization to access.

But is this good enough? Probably not.

French references a Bluesky conversation between lawyer Kathryn Tewson and Ben Schorr, a senior project content manager at Microsoft, and nicely walks through the security concerns that Tewson and others have that Schorr completely dismisses.

The concern is pretty straightforward: suppose I am writing a Word document. Will Copilot restrict itself to using only the context of the document I am currently writing, or will it also rely on other documents I can access when generating content?

It is not difficult to think of scenarios where the latter is a significant problem, but Microsoft seems not to have even considered this.

French references strict requirements that lawyers have not to mingle data or information across cases, which could be a problem if Copilot looks through every file a user can access in order to generate a response to a prompt.

But you can imagine other obvious scenarios where this would be a no-no. For example, I might have a OneDrive folder somewhere that contains a copy of one of my employees’ most recent performance reviews and a copy of a previous disciplinary letter.

If I am writing a new document that references this employee, I sure as hell do not want Copilot potentially mixing information from either of those documents into my new document. I would hope that I would catch this if it did, but get enough users creating enough documents, and this sort of boundary crossing is inevitably going to occur in the wild (likely with potential legal or other consequences).

Moreover, Microsoft appears to be intentionally making the process of turning Copilot off confusing and challenging. Their current documentation includes instructions for turning off Copilot in specific applications and then adds that if you do so in one application, it will be turned off elsewhere. However, it is difficult to trust Microsoft, to say the least, given its history of “accidentally” turning features back on that users explicitly disabled.

French’s entire 18-minute video is well worth watching, and it is hard to draw any conclusion but that Microsoft’s AI offerings are unsafe to use under pretty much any circumstance, given that the company wants them so tightly integrated with the OS and applications that will likely be installed on at least a billion devices in the coming few years.

Socrates On The Forgetfulness Engendered By Writing

I heard, then, that at Naucratis, in Egypt, was one of the ancient gods of that country, the one whose sacred bird is called the ibis, and the name of the god himself was Theuth. He it was who invented numbers and arithmetic and geometry and astronomy, also draughts and dice, and, most important of all, letters. Now the king of all Egypt at that time was the god Thamus, who lived in the great city of the upper region, which the Greeks call the Egyptian Thebes, and they call the god himself Ammon. To him came Theuth to show his inventions, saying that they ought to be imparted to the other Egyptians. But Thamus asked what use there was in each, and as Theuth enumerated their uses, expressed praise or blame, according as he approved or disapproved. The story goes that Thamus said many things to Theuth in praise or blame of the various arts, which it would take too long to repeat; but when they came to the letters, “This invention, O king,” said Theuth, “will make the Egyptians wiser and will improve their memories; for it is an elixir of memory and wisdom that I have discovered.” But Thamus replied, “Most ingenious Theuth, one man has the ability to beget arts, but the ability to judge of their usefulness or harmfulness to their users belongs to another; and now you, who are the father of letters, have been led by your affection to ascribe to them a power the opposite of that which they really possess. For this invention will produce forgetfulness in the minds of those who learn to use it, because they will not practice their memory. Their trust in writing, produced by external characters which are no part of themselves, will discourage the use of their own memory within them.
You have invented an elixir not of memory, but of reminding; and you offer your pupils the appearance of wisdom, not true wisdom, for they will read many things without instruction and will therefore seem to know many things, when they are for the most part ignorant and hard to get along with, since they are not wise, but only appear wise.”

— Phaedrus, Plato, 370 BCE

Nature Medicine Study of GLP-1: Mapping the effectiveness and risks of GLP-1 receptor agonists

A forthcoming paper in Nature Medicine looks at the impact of GLP-1 on 175 health outcomes by comparing cohorts in US Department of Veterans Affairs databases:

Glucagon-like peptide 1 receptor agonists (GLP-1RAs) are increasingly being used to treat diabetes and obesity. However, their effectiveness and risks have not yet been systematically evaluated in a comprehensive set of possible health outcomes. Here, we used the US Department of Veterans Affairs databases to build a cohort of people with diabetes who initiated GLP-1RA (n = 215,970) and compared them to those who initiated sulfonylureas (n = 159,465), dipeptidyl peptidase 4 (DPP4) inhibitors (n = 117,989) or sodium-glucose cotransporter-2 (SGLT2) inhibitors (n = 258,614), a control group composed of an equal proportion of individuals initiating sulfonylureas, DPP4 inhibitors and SGLT2 inhibitors (n = 536,068), and a control group of 1,203,097 individuals who continued use of non-GLP-1RA antihyperglycemics (usual care). We used a discovery approach to systematically map an atlas of the associations of GLP-1RA use versus each comparator with 175 health outcomes. Compared to usual care, GLP-1RA use was associated with a reduced risk of substance use and psychotic disorders, seizures, neurocognitive disorders (including Alzheimer’s disease and dementia), coagulation disorders, cardiometabolic disorders, infectious illnesses and several respiratory conditions. There was an increased risk of gastrointestinal disorders, hypotension, syncope, arthritic disorders, nephrolithiasis, interstitial nephritis and drug-induced pancreatitis associated with GLP-1RA use compared to usual care. The results provide insights into the benefits and risks of GLP-1RAs and may be useful for informing clinical care and guiding research agendas.