Copilot exposed over 20,000 private GitHub repositories

arstechnica.com

Microsoft's Copilot AI has exposed over 20,000 private GitHub repositories, including those from major companies like Google and Intel. These repositories were initially public but later made private due to sensitive data concerns. The issue was discovered by AI security firm Lasso, which found that Copilot continued to access these private repositories through Bing's cached data. Microsoft has since made changes to address the problem, removing private data from Bing's cache. However, Lasso identified that some private repositories, including one related to a Microsoft lawsuit, remained accessible through Copilot despite being removed from GitHub.


With a significance score of 3.5, this news ranks in the top 7.1% of today's 29905 analyzed articles.
