Deleted GitHub Repos Remain Accessible: Copilot Retains Memory

Researchers at Lasso, an Israeli company specializing in cybersecurity and generative-AI threats, have discovered that data once posted on the Internet can remain accessible through AI chatbots even if it was quickly hidden (source).

According to researchers, information from closed repositories on GitHub continues to be indexed and utilized by Microsoft Copilot. Companies like Microsoft, Google, IBM, PayPal, and Tencent are among those affected. This issue stems from the caching of data by the Bing search engine, which indexes open repositories even if they are only accessible for a short period (source).

The problem came to light when Lasso accidentally made one of its repositories public and then restricted access. Despite this, researchers found that the information from that repository remained accessible via Copilot. Their analysis of thousands of repositories revealed over 20,000 deleted or hidden repositories still present in the Bing cache and accessible through Copilot, affecting more than 16,000 organizations.

The risk lies in Copilot potentially revealing confidential information, such as intellectual property, corporate data, access keys, and tokens. Lasso also discovered a Microsoft tool in the cache that creates “harmful and offensive” images using cloud AI.

Lasso informed the affected organizations and recommended changing compromised keys, although no comment has been provided by any of the companies involved, including Microsoft. In November 2024, Lasso raised the issue with Microsoft, which categorized it as a “low threat” and deemed the behavior of the cache acceptable.

While Microsoft removed links to the Bing cache from search results in December 2024, Lasso claims that the problem persists, as the data is still accessible via Copilot. This indicates a temporary, rather than a complete, resolution of the issue.
