Hidden GitHub Repos Can Now Be Accessed By Copilot

Security experts are warning that information shared online, even briefly, can remain accessible through AI chatbots such as Microsoft Copilot long after it has been made private.

Recent research by Lasso, a cybersecurity company from Israel that focuses on new threats from AI, shows that many private GitHub repositories belonging to major firms, including Microsoft, are affected.

According to Ophir Dror, a co-founder of Lasso, they discovered that content from their own GitHub repository appeared in Copilot. This occurred because the data was indexed and stored by Microsoft’s Bing search engine. Although the repository was briefly public and is now private, trying to access it on GitHub results in a “page not found” message.

Dror remarked, “If I were to search the web, I wouldn’t find this data. However, anyone could ask Copilot the right question and access it.”

Recognizing that any data on GitHub, even if it was public for just a moment, could be accessed by tools like Copilot, Lasso decided to investigate further.

They compiled a list of repositories that were public at any point in 2024 and identified those that have since been deleted or made private. By leveraging Bing’s caching system, they found over 20,000 private GitHub repositories that could still be accessed through Copilot, affecting more than 16,000 organizations.

Lasso informed reporters that companies such as Amazon Web Services, Google, IBM, PayPal, Tencent, and Microsoft were among those impacted. Amazon later stated that it is not affected by this issue. Lasso mentioned that they removed references to AWS after consulting their legal team and firmly stand by their research.

For several affected companies, Copilot could be prompted to reveal confidential GitHub archives containing critical information, sensitive data, access keys, and tokens.

Lasso pointed out that they used Copilot to retrieve content from a GitHub repository that had been deleted by Microsoft. This repository hosted a tool for creating “offensive and harmful” AI images using Microsoft’s cloud AI service.

Dror indicated that Lasso reached out to all the companies severely impacted by this data exposure, advising them to change or revoke any compromised access keys.
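The advice to revoke compromised keys follows from the article's central point: a secret that was public even briefly must be treated as exposed, even if the current tree no longer contains it. The script below is an added illustration, not code from Lasso or Microsoft; it walks a constructed commit history (the key is committed in `c1` and removed in `c2`) and shows that scanning only the latest commit misses what a full-history scan finds. The token patterns are assumptions based on publicly documented key formats, and the sample values are constructed.

```python
import re

# Assumed patterns for two publicly documented token formats (not from the article).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Constructed history, oldest first: (commit id, file contents after that commit).
# The secrets land in c1 and are replaced by placeholders in c2, so HEAD looks clean.
HISTORY = [
    ("c1", "AWS_KEY=AKIAIOSFODNN7EXAMPLE\n"
           "GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n"),
    ("c2", "AWS_KEY=${AWS_KEY}\nGITHUB_TOKEN=${GITHUB_TOKEN}\n"),
]


def find_secrets(text):
    """Return a list of (kind, value) for every token-shaped string in text."""
    hits = []
    for kind, pattern in SECRET_PATTERNS.items():
        hits.extend((kind, m.group(0)) for m in pattern.finditer(text))
    return hits


def scan_head_only(history):
    """What a scan of the current tree sees: only the newest commit's contents."""
    _, head_text = history[-1]
    return {value for _, value in find_secrets(head_text)}


def scan_full_history(history):
    """Map each secret ever committed to (kind, first commit it appeared in).

    Anything returned here should be rotated: a later removal does not
    undo the exposure if the repository was ever public or cached.
    """
    exposed = {}
    for commit_id, text in history:  # oldest first, so first sighting wins
        for kind, value in find_secrets(text):
            exposed.setdefault(value, (kind, commit_id))
    return exposed


if __name__ == "__main__":
    print("HEAD-only scan:", scan_head_only(HISTORY))          # empty set
    for value, (kind, commit_id) in scan_full_history(HISTORY).items():
        print(f"rotate {kind} {value} (first seen in {commit_id})")
```

In a real repository the same walk would be driven by `git log --all -p` (or a history-aware secret scanner) so that deleted branches and rewritten commits are covered as well.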

In November 2024, Lasso informed Microsoft of their findings. Microsoft classified the issue as “low severity,” asserting that the caching behavior was “acceptable.” Starting in December 2024, Microsoft ceased including links to Bing’s cache in search results.

However, Lasso contends that even though the caching feature was disabled, Copilot still has access to this data, indicating that the fix was only temporary.
