
Surely this will never go wrong with a password manager copying stuff to a clipboard.

Also they probably never tested that with pornographic search queries / clipboard contents, which will be very common in the real world. And even if they did test, they probably just did so with vanilla terms that are easily identified as pornographic by AI. Cue Copilot regurgitating porn queries because it mistakenly believes they are relevant to some current work task.

Personally I'm ready with popcorn for Microsoft unleashing chaos.



>Surely this will never go wrong with a password manager copying stuff to a clipboard.

Windows' clipboard API allows password managers to mark if the clipboard content is allowed in history or is cloud syncable.


Somehow I doubt it would work correctly for my setup. My middle monitor has a KVM switch to switch from my Linux work/main setup (laptop in a docking station) to my gaming Windows tower computer (+a bunch of audio hardware to merge output and split mic input). I'm using barrier[1] to share mouse and keyboard between my Linux and Windows PC. My password manager runs on Linux because the Windows setup is bare-bones for obvious reasons, with barrier syncing the clipboard over the network. If I had to guess, that stuff is going to be synced to the cloud and run through AI by default, because Microsoft won't have the foresight to make cloud-sync opt-in as opposed to opt-out by the software.

Obviously I will make damn sure that Microsoft thing isn't running on my setup, but if they considered barrier/synergy users, I'll be surprised.

[1] https://github.com/debauchee/barrier


For Linux and Android-based systems, clipboard content can be marked as sensitive. For systems using X and Wayland the informal standard is to add an extra format to the clipboard contents with the MIME type "x-kde-passwordManagerHint" and have the contents of it be "secret" to signal that it is sensitive.

If these aren't being properly translated between systems when using barrier then that is a security issue with barrier itself.
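
Added example, not part of the comment above and not barrier's code: a sketch of the marker translation a clipboard-sharing tool would need between an X11/Wayland offer and a Windows clipboard item. Clipboard contents are modelled as a dict of format name to bytes; the function names, the `CF_UNICODETEXT` dict key and the fail-closed handling of malformed flags are assumptions of this sketch.

```python
import struct

KDE_HINT = "x-kde-passwordManagerHint"   # X11/Wayland hint, content b"secret"
WIN_EXCLUDE = "ExcludeClipboardContentFromMonitorProcessing"  # any data = exclude
WIN_HISTORY = "CanIncludeInClipboardHistory"   # DWORD 0 = keep out of history
WIN_CLOUD = "CanUploadToCloudClipboard"        # DWORD 0 = keep off cloud sync
TEXT_MIME = "text/plain;charset=utf-8"
WIN_TEXT = "CF_UNICODETEXT"   # key used by this model for the Windows text format
DWORD_ZERO = struct.pack("<I", 0)

def linux_offer_is_sensitive(offer):
    """True when an X11/Wayland offer carries the password-manager hint."""
    return offer.get(KDE_HINT, b"").strip() == b"secret"

def windows_offer_is_sensitive(offer):
    """True when a Windows item opts out of history, cloud sync, or both."""
    if WIN_EXCLUDE in offer:
        return True
    for name in (WIN_HISTORY, WIN_CLOUD):
        data = offer.get(name)
        # A zero DWORD opts out; a malformed flag is treated as opt-out too.
        if data is not None and (len(data) != 4 or data == DWORD_ZERO):
            return True
    return False

def linux_to_windows(offer):
    """Build the Windows-side item, carrying the sensitivity marker across."""
    out = {}
    if TEXT_MIME in offer:
        out[WIN_TEXT] = offer[TEXT_MIME].decode("utf-8").encode("utf-16-le") + b"\x00\x00"
    if linux_offer_is_sensitive(offer):
        out.update({WIN_EXCLUDE: b"\x00", WIN_HISTORY: DWORD_ZERO, WIN_CLOUD: DWORD_ZERO})
    return out

def windows_to_linux(offer):
    """Build the Linux-side offer, adding the hint for restricted items."""
    out = {}
    if WIN_TEXT in offer:
        out[TEXT_MIME] = offer[WIN_TEXT].decode("utf-16-le").rstrip("\x00").encode("utf-8")
    if windows_offer_is_sensitive(offer):
        out[KDE_HINT] = b"secret"
    return out

# Constructed sample: what a password manager on Linux might offer.
SAMPLE = {TEXT_MIME: b"hunter2", KDE_HINT: b"secret"}
if __name__ == "__main__":
    print(linux_to_windows(SAMPLE))
```
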


Of course you're right, but bugs in third-party software using your APIs should not cause security issues in stuff you introduce later. Using whitelisting/opt-in vs blacklisting would solve this.

I already don't like how many operating systems retroactively dealt with passwords on the clipboard. "Sensitive" should've been the new default. Passwords aren't the only thing either. If I'm using some app or software that is either messaging, financial, or something medical, even if it just tracks my period, anything I copy originating from there should be treated as sensitive.

Soon you won't be able to write family members "hey, the results are in and I've got testicular cancer" without some data-kraken like Microsoft gobbling that up and feeding it to their AI.

Next thing you know some AI sneaks that into a company-wide mail "Quarterly Results" at your mother's place of work, because your mother has trouble using computers and is happy AI can write mails for her now. If that sounds unlikely to you, then to illustrate here's ChatGPT making that exact mistake:

https://chat.openai.com/share/0130c72e-aa51-4042-b0d0-d12101...



