Tenable Research identified multiple vulnerabilities in Microsoft’s Azure Health Bot. The flaws could have allowed privilege escalation. The Health Bot service is cloud-based, allowing healthcare organizations to build virtual health assistants. The chatbots built through the Health Bot service can have access to sensitive personal health information. The flaws discovered would have bypassed all safeguards in place to prevent cross-tenant access. Tenable researchers stated that their recent discovery demonstrates the risk of rushed AI development. Microsoft patched all vulnerabilities quickly after they were discovered.

Read more: https://www.darkreading.com/application-security/microsoft-azure-ai-health-bot-infected-with-critical-vulnerabilities