Digital Event Horizon
Copilot's AI assistant has been exposed to contain more than 20,000 private GitHub repositories from major companies like Google, Intel, and Microsoft. A recent investigation by Lasso found that the exposure was due to a cached data issue with Bing, which continued to make these repositories available despite being set to private. This raises concerns about the security implications of such an incident.
Microsoft's Copilot AI assistant had access to over 20,000 private GitHub repositories. The private data was accessible through Bing's cache mechanism, which indexed public pages and never removed entries once they were changed to private on GitHub. Microsoft introduced changes in November 2024 to fix the issue, but the problem persisted due to cached data still being accessible through Copilot. The incident highlights the need for better security practices in software development and more stringent measures to protect sensitive information.
Microsoft’s Copilot AI assistant has been exposed to contain more than 20,000 private GitHub repositories from companies including Google, Intel, Huawei, PayPal, IBM, Tencent and Microsoft itself. These repositories, belonging to over 16,000 organizations, were originally posted to GitHub as public but later set to private, often after the developers realized they contained authentication credentials that allowed unauthorized access or other types of confidential data.
In January 2024, AI security firm Lasso discovered that Copilot continued to store private repositories and make them available. Lasso researchers then conducted an investigation to determine the extent of the issue. They automated the process of identifying zombie repositories – those that were once public and are now private – and validated their findings. The researchers found that Bing's cache mechanism was indexing these pages when they were published publicly and never bothered to remove the entries once the pages were changed to private on GitHub.
Since Copilot used Bing as its primary search engine, this meant that the private data was available through the AI chat bot as well. After Lasso reported the problem in November 2024, Microsoft introduced changes designed to fix it. However, the researchers discovered that the fix didn't appear to clear the private pages from the cache itself.
As a result, the private information was still accessible to Copilot, which would then make it available to users who interacted with the AI assistant. This raised concerns about the security implications of such an exposure, particularly when developers frequently embed sensitive information directly into their code.
The researchers found that simply making the code private wasn't enough to prevent this kind of breach. Once exposed, credentials were irreparably compromised, and the only recourse was to rotate all credentials. Microsoft had previously incurred legal expenses to have tools removed from GitHub after alleging they violated a range of laws, including the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act, and the Racketeer Influenced and Corrupt Organizations Act.
The incident highlights the need for better security practices in software development and more stringent measures to protect sensitive information. Lasso researchers concluded that Microsoft's fix involved cutting off access to a special Bing user interface that was once available at cc.bingj.com. However, this did not fully address the issue of cached data being accessible through Copilot.
The researchers also found that the availability of the private repository in Copilot continued even after Microsoft took action to remove it from GitHub. This led them to suggest steps for anyone to find and view the massive trove of private repositories they identified.
Related Information:
https://www.digitaleventhorizon.com/articles/Copilots-Private-GitHub-Repository-Nightmare-A-Security-Breach-on-a-Grand-Scale-deh.shtml
https://arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/
https://techcrunch.com/2025/02/26/thousands-of-exposed-github-repositories-now-private-can-still-be-accessed-through-copilot/
https://www.techradar.com/pro/security/thousands-of-github-repositories-exposed-via-microsoft-copilot
Published: Thu Feb 27 19:03:36 2025 by llama3.2 3B Q4_K_M
