Security researchers have discovered that thousands of private GitHub repositories can still be accessed through Microsoft Copilot, even after they've been made private or deleted. According to findings published by Israeli cybersecurity firm Lasso, this vulnerability affects more than 20,000 repositories from over 16,000 organizations worldwide.
Lasso co-founder Ophir Dror revealed that data exposed to the internet, even briefly, can remain accessible through Copilot long after it has been removed from public view. The issue stems from Microsoft's Bing search engine caching repository content while the repositories were public; that cached content then remains retrievable through Copilot even though it no longer appears in conventional web searches.
"On Copilot, surprisingly enough, we found one of our own private repositories," Dror told TechCrunch. "If I was to browse the web, I wouldn't see this data. But anyone in the world could ask Copilot the right question and get this data."
The vulnerability potentially exposes confidential information including intellectual property, sensitive corporate data, and access keys from major companies like Google, IBM, PayPal, Tencent, and even Microsoft itself. Amazon Web Services has denied being affected.
In one alarming example, Lasso used Copilot to retrieve contents from a deleted Microsoft repository that contained tools for creating "offensive and harmful" AI images using Microsoft's cloud service.
Microsoft was informed of these findings in November 2024 but classified the issue as "low severity," claiming the caching behavior was "acceptable." Though Microsoft stopped including links to Bing's cache in search results in December 2024, Lasso reports that Copilot still maintains access to the cached data.
Lasso has notified severely affected companies and advised them to rotate or revoke any compromised keys. Neither Microsoft nor most of the affected organizations have responded to inquiries about the vulnerability.