{"id":152460,"date":"2025-02-26T10:02:14","date_gmt":"2025-02-26T10:02:14","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2025\/02\/26\/thousands-of-exposed-github-repos-now-private-can-still-be-accessed-through-copilot-techcrunch\/"},"modified":"2025-02-26T10:02:14","modified_gmt":"2025-02-26T10:02:14","slug":"thousands-of-exposed-github-repos-now-private-can-still-be-accessed-through-copilot-techcrunch","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2025\/02\/26\/thousands-of-exposed-github-repos-now-private-can-still-be-accessed-through-copilot-techcrunch\/","title":{"rendered":"Thousands of exposed GitHub repos, now private, can still be accessed through Copilot | TechCrunch"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Security researchers are warning that data exposed to the internet,\u00a0even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private.<\/p>\n<p class=\"wp-block-paragraph\">Thousands of once-public GitHub repositories from some of the world\u2019s biggest companies are affected, including Microsoft\u2019s, according to new findings from Lasso, an Israeli cybersecurity company focused on emerging generative AI threats.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Lasso co-founder Ophir Dror told TechCrunch that the company found content from its own GitHub repository appearing in Copilot because it had been indexed and cached by Microsoft\u2019s Bing search engine. Dror said the repository, which had been mistakenly made public for a brief period, had since been set to private, and accessing it on GitHub returned a \u201cpage not found\u201d error.<\/p>\n<p class=\"wp-block-paragraph\">\u201cOn Copilot, surprisingly enough, we found one of our own private repositories,\u201d said Dror. \u201cIf I was to browse the web, I wouldn\u2019t see this data. 
But anyone in the world could ask Copilot the right question and get this data.\u201d<\/p>\n<p class=\"wp-block-paragraph\">After it realized that any data made public on GitHub, even briefly, could potentially be exposed by tools like Copilot, Lasso investigated further.<\/p>\n<p class=\"wp-block-paragraph\">Lasso extracted a list of repositories that were public at any point in 2024 and identified the repositories that had since been deleted or set to private. Using Bing\u2019s caching mechanism, the company found more than 20,000 since-private GitHub repositories still had data accessible through Copilot, affecting more than 16,000 organizations. <\/p>\n<p class=\"wp-block-paragraph\">Affected organizations include Amazon Web Services, Google, IBM, PayPal, Tencent, and Microsoft itself, according to Lasso. For some affected companies, Copilot could be prompted to return confidential GitHub archives that contain intellectual property, sensitive corporate data, access keys, and tokens, the company said. <\/p>\n<p class=\"wp-block-paragraph\">Lasso noted that it used Copilot to retrieve the contents of a GitHub repo \u2014 since deleted by Microsoft \u2014 that <a href=\"https:\/\/techcrunch.com\/2025\/01\/10\/microsoft-accuses-group-of-developing-tool-to-abuse-its-ai-service-in-new-lawsuit\/\" target=\"_blank\" rel=\"noopener\">hosted a tool allowing the creation of \u201coffensive and harmful\u201d AI images<\/a> using Microsoft\u2019s cloud AI service.<\/p>\n<p class=\"wp-block-paragraph\">Dror said that Lasso reached out to all affected companies who were \u201cseverely affected\u201d by the data exposure and advised them to rotate or revoke any compromised keys.<\/p>\n<p class=\"wp-block-paragraph\">None of the affected companies named by Lasso responded to TechCrunch\u2019s questions. Microsoft also did not respond to TechCrunch\u2019s inquiry.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Lasso informed Microsoft of its findings in November 2024. 
Microsoft told Lasso that it classified the issue as \u201clow severity,\u201d stating that this caching behavior was \u201cacceptable.\u201d Microsoft <a rel=\"nofollow noopener\" href=\"https:\/\/searchengineland.com\/bing-officially-removes-cache-link-from-search-results-449220\" target=\"_blank\">no longer included links to Bing\u2019s cache<\/a> in its search results starting December 2024.<\/p>\n<p class=\"wp-block-paragraph\">However, Lasso says that though the caching feature was disabled,\u00a0Copilot still had access to the data even though it was not visible through traditional web searches, indicating a temporary fix.\u00a0<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/techcrunch.com\/2025\/02\/26\/thousands-of-exposed-github-repos-now-private-can-still-be-accessed-through-copilot\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers are warning that data exposed to the internet,\u00a0even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private. 
Thousands of once-public GitHub repositories from some of the world\u2019s biggest companies are affected, including Microsoft\u2019s, according to new findings from Lasso, an Israeli cybersecurity [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":152461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":{"0":"post-152460","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech"},"_links":{"self":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/152460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=152460"}],"version-history":[{"count":0,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/152460\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/152461"}],"wp:attachment":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=152460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=152460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=152460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}