An alarming discovery by Israeli cybersecurity firm Lasso has revealed that thousands of GitHub repositories, once public but now private, remain accessible through Microsoft Copilot. The compromised repositories belong to major tech companies, including Amazon Web Services, Google, IBM, PayPal, Tencent, and Microsoft itself. Lasso's investigation found that even after repositories were deleted or set to private, sensitive information could still be retrieved through Copilot.
Security researchers have raised concerns about the potential risks of data exposure through online generative AI chatbots like Microsoft Copilot. Lasso's findings underscore the fact that data exposed to the internet, even briefly, can persist in such tools. For several affected organizations, confidential archives containing intellectual property, sensitive corporate data, and access keys were found accessible through Copilot.
Lasso co-founder Ophir Dror highlighted the gravity of the situation, stating:
"If I was to browse the web, I wouldn’t see this data. But anyone in the world could ask Copilot the right question and get this data."
Lasso's exploration began in 2024 when they identified repositories that were public at any point during the year. They discovered that more than 20,000 repositories from over 16,000 organizations had their data inadvertently exposed via Microsoft's AI tool. Alarmingly, these included GitHub repositories that hosted tools capable of creating "offensive and harmful" AI images using Microsoft's cloud AI service.
Upon realizing the extent of the vulnerability, Lasso contacted Microsoft in November 2024. However, Microsoft categorized the issue as "low severity," citing the caching behavior as "acceptable." The tech giant ceased including links to Bing’s cache in its search results starting December 2024. Despite these measures, Dror expressed frustration as content from Lasso's own GitHub repository appeared in Copilot due to indexing and caching by Bing.
To mitigate further risks, Lasso reached out to all severely affected companies, advising them to rotate or revoke any compromised keys. Meanwhile, Microsoft has not responded to TechCrunch's inquiries regarding this data exposure issue.
Leave a Reply