Microsoft’s Copilot AI assistant is exposing the contents of greater than 20,000 personal GitHub repositories from firms together with Google, Intel, Huawei, PayPal, IBM, Tencent and, sarcastically, Microsoft.
These repositories, belonging to greater than 16,000 organizations, had been initially posted to GitHub as public, however had been later set to non-public, usually after the builders accountable realized they contained authentication credentials permitting unauthorized entry or different kinds of confidential information. Even months later, nevertheless, the personal pages stay obtainable of their entirety by Copilot.
AI safety agency Lasso found the habits within the second half of 2024. After discovering in January that Copilot continued to retailer personal repositories and make them obtainable, Lasso got down to measure how large the issue actually was.
