Copilot exposes private GitHub pages, some removed by Microsoft
Summary
Microsoft’s Copilot AI chatbot is inadvertently giving access to the contents of private GitHub repositories from major tech firms.
This information was originally posted publicly on GitHub, but the repositories were set to private after developers realised they contained sensitive data.
However, months after these settings were changed, the data is still available via Copilot, which is powered by Microsoft’s Bing search engine.
After the issue was discovered in the second half of 2024, Microsoft introduced fixes, but the AI firm Lasso found that private data was still available through Copilot.
This included a GitHub repository that had been made private following a lawsuit against Microsoft for alleged copyright infringement.
The repository, which hosted tools to bypass security in Microsoft’s generative AI services, was removed from GitHub, but was still accessible via Copilot.