Security researchers warn that data exposed to the internet for a long time will be present in online-generated AI chatbots like Microsoft Copilot, long after data became private.
According to a new study from Israeli cybersecurity company Lasso, former Github repositories of some of the world’s largest companies have been affected, including those from Microsoft.
Lasso co-founder Ophir Dror told TechCrunch that he found content from his own Github repository that appears in Copilot as it was indexed and cached by Microsoft’s Bing Search Engine. Dror said the repository had been incorrectly published for a short time, but has since been set to private and when accessed on GitHub it returned an “unfinished” error.
“Amazingly, at Copilot, we found one of our own private repositories,” Dror says. “If I browse the web, this data won’t be displayed. But anyone in the world can ask the correct question to Copilot and get this data.”
We investigated further after realising that GitHub data could potentially be published even in a short time by tools such as Copilot.
Lasso extracted a list of repositories that were published at any point in 2024, and then identified those repositories that were subsequently set to be deleted or private. Using Bing’s caching mechanism, the company has discovered over 20,000 Github repositories are still accessible through Copilot, affecting over 16,000 organizations.
Lasso told TechCrunch ahead of the publication of the investigation that affected organizations include Amazon Web Services, Google, IBM, PayPal, Tencent and Microsoft. Amazon told TechCrunch after its publication that it was not affected by the issue. “We have taken the advice of our legal team and removed all mentions to AWS,” Lasso said, “We stand firm in our research.”
Some affected companies could be encouraged to return copilots with sensitive Github archives that include intellectual property, sensitive company data, access keys and tokens, the company said.
Lasso pointed out that since Microsoft deleted it, it has used Copilot to retrieve GitHub Repo content to host a tool that allows for the creation of “offensive and harmful” AI images using Microsoft’s Cloud AI service.
Droar said Lasso reached out to all affected businesses “seriously affected” by data exposure and advised them to rotate or revoke the compromised key.
None of the affected companies named by Lasso responded to TechCrunch questions. Microsoft also did not respond to TechCrunch investigations.
Lasso has notified Microsoft of its November 2024 survey results. Microsoft told Lasso that the cash advance behavior was “acceptable” and classified the issue as “low severity.” Microsoft no longer includes links to Bing caches in search results since December 2024.
However, Lasso’s caching feature was disabled, but Copilot can access the data, indicating a temporary fix, even if it is not visible in traditional web searches.
Updated with post-published comments from Amazon Web Services and Lasso.
Source link
