Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Security researchers have big warning for developers on Microsoft Copilot, ET CISO

Security researchers have big warning for developers on Microsoft Copilot, ET CISO

Security researchers have big warning for developers on Microsoft Copilot, ET CISO

Security researchers have discovered that thousands of private GitHub repositories can still be accessed through Microsoft Copilot, even after they’ve been made private or deleted. According to findings published by Israeli cybersecurity firm Lasso, this vulnerability affects more than 20,000 repositories from over 16,000 organizations worldwide.

Lasso co-founder Ophir Dror revealed that data exposed to the internet, even briefly, can remain accessible through Copilot long after it’s removed from public view. The issue stems from Microsoft’s Bing search engine caching repository content, which then becomes retrievable through Copilot despite no longer being available through conventional web searches.

“On Copilot, surprisingly enough, we found one of our own private repositories,” Dror told TechCrunch. “If I was to browse the web, I wouldn’t see this data. But anyone in the world could ask Copilot the right question and get this data.”

The vulnerability potentially exposes confidential information including intellectual property, sensitive corporate data, and access keys from major companies like Google, IBM, PayPal, Tencent, and even Microsoft itself. Amazon Web Services has denied being affected.

In one alarming example, Lasso used Copilot to retrieve contents from a deleted Microsoft repository that contained tools for creating “offensive and harmful” AI images using Microsoft’s cloud service.

Microsoft was informed of these findings in November 2024 but classified the issue as “low severity,” claiming the caching behavior was “acceptable.” Though Microsoft stopped including links to Bing’s cache in search results in December 2024, Lasso reports that Copilot still maintains access to the cached data.

Lasso has notified severely affected companies and advised them to rotate or revoke any compromised keys. Neither Microsoft nor most of the affected organizations have responded to inquiries about the vulnerability.

  • Published On Feb 28, 2025 at 08:50 AM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

  • Get Realtime updates
  • Save your favourite articles


Scan to download App

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Juniper Firewall
Cisco Firewall
Checkpoint Firewall
paloalto Firewall
Fortinet Firewall
Forcepoint Firewall

 

Sophos Firewall
WatchGuard Firewall
Barracuda Firewall
Sonicwall Firewall
GajShield Firewall
Seqrite Firewall

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket

Firewall Firm is a Managed Firewall Security Solution Provider Company in India | Digital Marketing by SEO Company India | Powered by IT Monteur