Security experts have uncovered a serious vulnerability in AI-driven chatbot services that allows them to access and reveal private GitHub repositories, potentially exposing sensitive corporate information. Israeli cybersecurity firm Lasso has reported that this flaw affects thousands of developers, organizations, and major tech companies, raising concerns over data retention practices in AI models.
Lasso’s investigation began when its own private GitHub repository was unexpectedly accessible through Microsoft’s Copilot. According to co-founder Ophir Dror, the repository had briefly been public, allowing Bing to index and cache its contents. Even after it was made private again, Copilot continued to generate responses based on the cached data. “If I was to browse the web, I wouldn’t see this data. But anyone in the world could ask Copilot the right question and get this data,” Dror stated.
Further research by Lasso revealed that more than 20,000 GitHub repositories that had been switched to private in 2024 were still accessible through Copilot. The issue reportedly impacted over 16,000 organizations, including major corporations such as IBM, Google, PayPal, Tencent, Microsoft, and Amazon Web Services (AWS). While Amazon denied being affected, Lasso claims that AWS’s legal team pressured them to remove references to the company from their findings.
The exposed repositories contained sensitive data, including security credentials, intellectual property, and corporate secrets. Lasso warned that bad actors could potentially manipulate AI chatbots to extract this information, putting businesses at risk. The company has advised organizations most affected by the breach to revoke or update any compromised credentials immediately.
Microsoft was informed of the security flaw in November 2024 but categorized it as a “low-severity” issue. While Bing removed cached search results of the affected data in December, Microsoft maintained that the caching issue was “acceptable behavior.”
However, Lasso cautioned that despite the cache being cleared, Copilot’s AI model still retains the data. The firm has since published its findings, urging greater oversight and stricter safeguards in AI systems to prevent similar security risks.
