Copilot Exposes Thousands of Private GitHub Repos: Security Risk Alert

Copilot reveals data from private GitHub repos, posing security risks for major companies.
Matilda
Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private.

Thousands of once-public GitHub repositories from some of the world’s biggest companies are affected, including Microsoft’s, according to new findings from Lasso, an Israeli cybersecurity company focused on emerging generative AI threats.

Lasso co-founder Ophir Dror told  that the company found content from its own GitHub repository appearing in Copilot because it had been indexed and cached by Microsoft’s Bing search engine. Dror said the repository, which had been mistakenly made public for a brief period, had since been set to private, and accessing it on GitHub returned a “page not found” error.

“On Copilot, surprisingly enough, we found one of our own private repositories,” said Dror. “If I was to browse the web, I wouldn’t see t…