Google and Microsoft are bringing AI to Word, Excel, Gmail and more. It could boost productivity for us – and cybercriminals

champpixs/Getty Images

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Mohiuddin Ahmed and Paul Haskell-Dowland
 

Connecting state and local government leaders

By Mohiuddin Ahmed and Paul Haskell-Dowland

|

Cybercriminals may leverage generative AI tools to steal personal data posted online, researchers say.

Google and Microsoft are on a mission to remove the drudgery from computing, by bringing next-generation AI tools as add-ons to existing services.

On March 16, Microsoft announced an AI-powered system called Copilot will soon be introduced to its 365 suite apps including Word, Excel, PowerPoint, Outlook and Teams.

The news came about two days after Google published a blog explaining its plans to embed AI into its Workspace apps such as Docs, Sheets, Slides, Meet and Chat.

Collectively, millions of people use these apps each day. Bolstering them with AI could provide a major productivity boost – as long as security isn’t an afterthought.

The advent of generative AI

Until recently AI was mainly used for categorisation and identification tasks, such as recognising a number plate using a traffic camera.

Generative AI allows users to create new content, by applying deep-learning algorithms to big data. ChatGPT and DALL-E, among others, have already taken the world by storm.

Now, Microsoft and Google have found a more concrete way to bring generative AI into our offices and classrooms.

Like other generative AI tools, Copilot and Workspace AI are built on large language models (LLM) trained on massive amounts of data. Through this training, the systems have “learned” many rules and patterns that can be applied to new content and contexts.

Microsoft’s Copilot is being trialled with just 20 customers, with details about availability and pricing to be released “in the coming months”.

Copilot will be integrated across apps to help expedite tedious or repetitive tasks. For example, it will:

  • help users write, edit and summarise Word documents
  • turn ideas or summaries into full PowerPoint presentations
  • identify data trends in Excel and quickly create visualisations
  • “synthesise and manage” your Outlook inbox
  • provide real-time summaries of Teams meetings
  • bring together data from across documents, presentations, email, calendar, notes and contacts to help write emails and summarise chats.

Assuming it executes these tasks effectively, Copilot will be a massive upgrade from Microsoft’s original Office Assistant, Clippy.

Google’s Workspace AI will offer similar capabilities for paying subscribers.

What’s under the hood?

Microsoft described Copilot as a

sophisticated processing and orchestration engine working behind the scenes to combine the power of LLMs, including GPT-4 […].

We don’t know specifically which data GPT-4 itself was trained on, just that it was a lot of data taken from the internet and licensed, according to OpenAI.

Google’s Workspace AI is built on PaLM (Pathways Language Model), which was trained on a combination of books, Wikipedia articles, news articles, source codes, filtered webpages, and social media conversations.

Both systems are integrated into existing cloud infrastructure. This means all the data they are applied to will already be online and stored in company servers.

The tools will need full access to the relevant content in order to provide contextualised responses. For instance, Copilot can’t distil a 16-page Word document into one page of bullet points without first analysing the text.

This raises the question: will users’ information be used to train the underlying models?

In relation to this point, Microsoft has said:

Copilot’s large language models are not trained on customer content or on individual prompts.

Google has said:

[…] private data is kept private, and not used in the broader foundation model training corpus.

These statements suggest the 16-page document itself won’t be used to train the algorithms. Rather, Copilot and Workspace AI will process the data in real-time.

Given the rush to develop such AI tools, there may be temptation to train such tools on “real” customer-specific data in the future. For now, however, it seems this is being explicitly excluded.

Usability concerns

As many people noted following ChatGPT’s release, text-based generative AI tools are prone to algorithmic bias. These concerns will extend to the new tools from Google and Microsoft.

The outputs of generative AI tools can be riddled with inaccuracies and prejudice. Microsoft’s own Bing chatbot, which also runs on GPT-4, came under fire earlier this year for making outrageous claims.

Bias occurs when large volumes of data are processed without appropriate selection or understanding of the training data, and without proper oversight of training processes.

For example, much of the content online is written in English – which is likely the main language spoken by the (mostly white and male) people developing AI tools. This underlying bias can influence the writing style and language constructs understood by, and subsequently replicated by, AI-driven systems.

For now, it’s hard to say exactly how issues of bias might present in Copilot or Workspace AI. As one example, the systems may simply not work as effectively for people in non-English-speaking countries, or with diverse styles of English.

Security concerns

One major vulnerability in Microsoft’s and Google’s AI tools is they could make it much easier for cybercriminals to bleed victims dry.

Related articles

ChatGPT-powered cyberattacks expected, report says

ChatGPT could make phishing more sophisticated

Whereas before a criminal may have needed to trawl through hundreds of files or emails to find specific data, they can now use AI-assisted features to quickly collate and extract what they need.

Also, since there’s so far no indication of offline versions being made available, anyone wanting to use these systems will have to upload the relevant content online. Data uploaded online are at greater risk of being breached than data stored only on your computer or phone.

Finally, from a privacy perspective, it’s not particularly inspiring to see yet more avenues through which the biggest corporations in the world can collect and synthesise our data.

The Conversation

Mohiuddin Ahmed, Senior Lecturer in Cyber Security, Edith Cowan University and Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

NEXT STORY: Gambling is a tech industry. Are Nevada regulators up for the challenge?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.