SharePoint Hack and GenAI

What happened

A critical zero-day exploit (CVE‑2025‑53770, dubbed “ToolShell,” along with related CVEs) was actively leveraged against on‑premises SharePoint Server (2016, 2019, Subscription Edition), leading to remote code execution and unauthorized access to system content and cryptographic keys.

Attackers, primarily Chinese state-affiliated groups (Linen Typhoon, Violet Typhoon, Storm‑2603), have been exploiting these vulnerabilities in widespread campaigns targeting governments, universities, hospitals, energy providers, and more.

Over 100 organizations worldwide (including the U.S. National Nuclear Security Administration and other federal and state agencies) have been compromised.

Breaches began around July 18–19, 2025, a full week after Microsoft initially released a patch for a related flaw.

Even after patches, attackers may still maintain access by reusing stolen cryptographic machine keys.

Immediate actions to be taken

Microsoft released emergency patches, including comprehensive updates for SharePoint Server 2016, 2019, and Subscription Edition. Security agencies like CISA urged organizations to immediately apply updates and consider taking vulnerable servers offline until mitigated.

A wake-up call for the GenAI era

Now imagine that the same compromised content on those SharePoint servers is being quietly indexed and served to an LLM via a Retrieval-Augmented Generation (RAG) pipeline.

RAG systems are only as secure as the documents they fetch, and access control boundaries often don’t survive the leap into vectorized AI search.

What this breach tells us:

  • Many enterprises don’t have document-level access control integrated into their AI layer
  • Once retrieved by RAG, data becomes contextually reassembled, creating new leakage risks
  • Prompt injection and goal-hijacking can turn retrieval pipelines into attack surfaces

Cyber resilience in AI means securing the entire chain:

  • From document access rights
  • To vector database protection
  • To real-time enforcement of identity-aware policies
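
One way to carry document access rights through to retrieval time, as an added example that is not part of the original post. The documents, group names and toy embeddings are constructed, and the function names are hypothetical.

```python
from dataclasses import dataclass
from math import sqrt
from typing import Optional

@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    vector: tuple                        # toy 3-d embedding
    allowed_groups: Optional[frozenset]  # ACL copied from the source document at index time

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def retrieve(index, query_vec, user_groups, k=2):
    """Top-k chunks the caller may read. The ACL check runs before ranking,
    and chunks with a missing or empty ACL are denied (fail closed)."""
    groups = frozenset(user_groups)
    permitted = [c for c in index if c.allowed_groups and c.allowed_groups & groups]
    permitted.sort(key=lambda c: cosine(c.vector, query_vec), reverse=True)
    return permitted[:k]

def build_context(chunks):
    """Context block handed to the LLM; only already-authorised text reaches it."""
    return "\n".join(f"[{c.doc_id}] {c.text}" for c in chunks)

# Constructed sample index (not real data).
INDEX = [
    Chunk("hr-001", "Salary bands for 2025", (0.9, 0.1, 0.0), frozenset({"hr"})),
    Chunk("eng-007", "Deployment runbook", (0.1, 0.9, 0.0), frozenset({"engineering"})),
    Chunk("pub-003", "Office holiday calendar", (0.7, 0.2, 0.1), frozenset({"all-staff"})),
    Chunk("legacy-42", "Unlabelled export", (0.95, 0.05, 0.0), None),  # ACL lost at ingestion
]
QUERY_VEC = (1.0, 0.0, 0.0)  # constructed query embedding, closest to the HR and legacy chunks

if __name__ == "__main__":
    for groups in ({"engineering", "all-staff"}, {"hr", "all-staff"}, set()):
        hits = retrieve(INDEX, QUERY_VEC, groups)
        print(sorted(groups), "->", [c.doc_id for c in hits])
```

The chunk whose ACL was lost at ingestion is the nearest match to the query, yet it is never returned to anyone, which is the fail-closed behaviour to insist on when access metadata does not survive indexing.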

It’s time we stop thinking of GenAI as just a feature. It’s a new security perimeter and attack surface, and it needs the same attention as your traditional security stack, from WAF and IAM to SIEM and vulnerability management.
