Source URL: https://yro.slashdot.org/story/25/02/27/2129241/thousands-of-exposed-github-repositories-now-private-can-still-be-accessed-through-copilot?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Thousands of Exposed GitHub Repositories, Now Private, Can Still Be Accessed Through Copilot
Summary: This text highlights significant security concerns raised by researchers regarding potential data exposure through generative AI tools like Microsoft Copilot. It underscores the persistence of data that can be accessed even after it has been made private, affecting major corporations.
Detailed Description: The content details a security warning from researchers about generative AI and its implications for data privacy and security. Key points include:
– **Data Persistence Issue**: Even data that is temporarily exposed to the internet can remain accessible via generative AI tools after being marked private.
– **Example Case**: The cybersecurity company Lasso discovered that data from its own GitHub repository appeared in Copilot even after the repository was set to private, suggesting that Microsoft’s Bing search engine had cached this data.
– **Scope of the Problem**: A substantial number of GitHub repositories (more than 20,000) were found to still have data accessible through Copilot, affecting over 16,000 organizations, including notable corporations such as Amazon Web Services, Google, IBM, PayPal, and Tencent.
– **Confidentiality Risks**: These exposed repositories can potentially include sensitive corporate information, intellectual property, and critical access credentials that could lead to significant security breaches.
**Implications for Security and Compliance Professionals**:
– The findings stress the importance of vigilant data management and understanding the lifecycle of data exposure, particularly in relation to AI and generative tools.
– Organizations must implement stringent practices for securing and monitoring access to their digital repositories to prevent unintended data leaks.
– This scenario raises questions about compliance and governance regarding data that may inadvertently remain accessible, underscoring a need for stringent privacy regulations.
In summary, this insight serves as a critical reminder for professionals in security, privacy, and compliance to assess the controls and governance surrounding their data in the age of generative AI technology.