Microsoft's AI assistant has been caught revealing information that should remain hidden, raising serious security concerns for developers worldwide. Security researchers have discovered that Microsoft Copilot can access and reveal content from GitHub repositories that have been set to private, potentially exposing sensitive corporate data and credentials.
The Security Breach Discovery
Security researchers at Lasso, a cybersecurity firm focused on AI-related threats, uncovered a significant vulnerability in Microsoft Copilot. The team discovered that Copilot could access one of their own GitHub repositories that had been set to private. The repository had briefly been public before being switched back to private status, but that short window was enough for Microsoft's Bing search engine to index and cache the content. Even after the repository was properly secured, Copilot continued to access and reveal this supposedly private information when prompted with the right questions.
Scale of the Exposure
Following their initial discovery, Lasso conducted a broader investigation that revealed alarming results. The security firm identified more than 20,000 GitHub repositories that had been set to private in 2024 but remained accessible through Microsoft Copilot. This exposure affects an estimated 16,000 organizations, including major technology companies like IBM, Google, PayPal, Tencent, and Microsoft itself. The scope of this security issue is substantial, potentially compromising intellectual property, corporate data, and security credentials across the tech industry.
Sensitive Information at Risk
The exposed repositories may contain highly sensitive information that malicious actors could exploit. According to Lasso's findings, cybercriminals could manipulate Copilot into revealing confidential information such as access keys, security tokens, and proprietary code. The security firm advised affected organizations to take immediate action by rotating or revoking any compromised security credentials to mitigate potential damage from this exposure.
Microsoft's Response
When Lasso reported the vulnerability to Microsoft in November 2024, the company's response was surprisingly dismissive. Microsoft classified the issue as low-severity and described the caching behavior as acceptable. While Microsoft did remove cached search results related to the affected data from Bing in December 2024, Lasso warns that Copilot still retains the data within its AI model, meaning the information remains potentially accessible through the right prompts.
Broader Implications for AI Security
This incident highlights a growing concern about how AI systems are trained and what information they retain. As AI chatbots and assistants continuously scan the internet for training data, they may capture and store information that was only temporarily public or was never intended for broad distribution. The lack of regulation around this data collection and retention creates significant security risks, especially when dealing with sensitive corporate information or personal data.
Preventative Measures for Developers
In light of this discovery, developers and organizations using GitHub should review their repository security practices. Even temporary public exposure of sensitive repositories can lead to long-term security risks as AI systems index and retain that information. Regular rotation of security credentials, careful management of repository visibility settings, and auditing of potentially exposed information are becoming essential practices in an AI-powered development environment.
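One way to audit for the situation described above, a repository that was public for a short window and is private again, is to reconstruct exposure windows from visibility-change events. The sketch below is an added example, not code from Lasso, Microsoft or GitHub; the event records are constructed, and the field names (action, repo, visibility, ts) are assumptions modeled on an exported organization audit log.

```python
from datetime import datetime, timezone

# Constructed sample events; field names are assumptions, adapt them to your export.
SAMPLE_EVENTS = [
    {"action": "repo.access", "repo": "acme/payments", "visibility": "public", "ts": "2024-03-01T10:00:00Z"},
    {"action": "repo.access", "repo": "acme/payments", "visibility": "private", "ts": "2024-03-01T10:45:00Z"},
    {"action": "repo.access", "repo": "acme/docs", "visibility": "public", "ts": "2024-05-10T08:00:00Z"},
    {"action": "repo.create", "repo": "acme/tools", "visibility": "private", "ts": "2024-06-01T09:00:00Z"},
]

def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp such as 2024-03-01T10:00:00Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def exposure_windows(events):
    """Return {repo: [(opened, closed_or_None), ...]} for each period a repo was public."""
    windows, open_since = {}, {}
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        # Creation and visibility changes are the events that can open or close a window.
        if ev.get("action") not in ("repo.create", "repo.access"):
            continue
        repo, when = ev["repo"], parse_ts(ev["ts"])
        if ev.get("visibility") == "public":
            open_since.setdefault(repo, when)   # ignore duplicate "public" events
        elif repo in open_since:
            windows.setdefault(repo, []).append((open_since.pop(repo), when))
    # Repositories that are still public have an open-ended window.
    for repo, since in open_since.items():
        windows.setdefault(repo, []).append((since, None))
    return windows

def rotation_candidates(events):
    """Repos that are private now but were public at some point.

    Any length of window counts: a crawler may have cached the content, so
    credentials committed to these repos should be treated as disclosed.
    """
    return sorted(repo for repo, spans in exposure_windows(events).items()
                  if spans[-1][1] is not None)

if __name__ == "__main__":
    for repo in rotation_candidates(SAMPLE_EVENTS):
        for opened, closed in exposure_windows(SAMPLE_EVENTS)[repo]:
            print(f"{repo}: public {opened.isoformat()} -> {closed.isoformat()}")
```

The list this produces is the starting point for credential rotation and for checking whether cached copies of those repositories are still retrievable.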