
Thousands of exposed GitHub repositories, currently private, are still accessible via Copilot

February 26, 2025

Security researchers warn that data exposed to the internet can linger in online generative AI chatbots like Microsoft Copilot long after the data has been made private.

According to new research from Israeli cybersecurity company Lasso, this affects previously exposed GitHub repositories from some of the world’s largest companies, including Microsoft.

Lasso co-founder Ophir Dror told TechCrunch that he found content from his own GitHub repository appearing in Copilot because it had been indexed and cached by Microsoft’s Bing search engine. Dror said the repository had been mistakenly made public for a short time but has since been set to private, and accessing it on GitHub returned an “unfinished” error.

“Amazingly, in Copilot, we found one of our own private repositories,” Dror says. “If I browse the web, this data won’t be displayed. But anyone in the world can ask the correct question to Copilot and get this data.”

The investigation went further after the realization that data on GitHub, even if public only for a short time, could potentially be exposed by tools such as Copilot.

Lasso extracted a list of repositories that were public at any point in 2024 and then identified those that had since been deleted or set to private. Using Bing’s caching mechanism, the company found that more than 20,000 GitHub repositories are still accessible through Copilot, affecting more than 16,000 organizations.

Lasso told TechCrunch ahead of publishing its research that the affected organizations include Amazon Web Services, Google, IBM, PayPal, Tencent and Microsoft. Amazon told TechCrunch after publication that it was not affected by the issue. “We have taken the advice of our legal team and removed all mentions of AWS,” Lasso said. “We stand firm in our research.”

For some affected companies, Copilot could be prompted to return sensitive GitHub archives that include intellectual property, sensitive company data, access keys and tokens, the company said.

Lasso noted that it used Copilot to retrieve the contents of a GitHub repository, since deleted by Microsoft, that hosted a tool allowing the creation of “offensive and harmful” AI images using Microsoft’s cloud AI service.

Dror said Lasso reached out to all companies that were “seriously affected” by the data exposure and advised them to rotate or revoke any compromised keys.

None of the affected companies named by Lasso responded to TechCrunch’s questions. Microsoft also did not respond to TechCrunch’s inquiry.

Lasso has notified Microsoft of its November 2024 findings. Microsoft told Lasso that the caching behavior was “acceptable” and classified the issue as “low severity.” Since December 2024, Microsoft has no longer included links to Bing’s cache in its search results.

However, Lasso says that although the caching feature was disabled, Copilot can still access the data even though it is not visible in traditional web searches, indicating a temporary fix.

Updated with post-publication comments from Amazon Web Services and Lasso.

