Description: Lasso Security reported that Microsoft Copilot could return content from GitHub repositories that had been public briefly but later set to private or deleted. Lasso attributed this to Bing's caching system, which stored "zombie data" from over 20,000 repositories. The cached content allegedly included sensitive information such as access keys, tokens, and internal packages. Microsoft reportedly classified the issue as low severity and applied only partial mitigations.
Editor Notes: Timeline notes: This incident ID date is marked 02/26/2025 because the bulk of reporting centered on Lasso Security's investigation emerged at that time. (Lasso's report is dated 02/27/2025, though.) However, Lasso cites an August 2024 LinkedIn post by Zachary Horton identifying the problem months before significant press coverage: https://www.linkedin.com/posts/zak-horton_github-ai-privacy-activity-7225764812117487616-YcGP. The incident ID was created 08/15/2025.
Entities
View all entitiesAlleged: Microsoft , GitHub , Microsoft Copilot and Bing developed and deployed an AI system, which harmed GitHub users , GitHub repositories and GitHub.
Incident Stats
Incident ID
1174
Report Count
2
Incident Date
2025-02-26
Editors
Daniel Atherton
Incident Reports
Reports Timeline
Loading...
Security researchers are warning that data exposed to the internet, even for a moment, can linger in online generative AI chatbots like Microsoft Copilot long after the data is made private.
Thousands of once-public GitHub repositories from…
Loading...
In August 2024, we encountered a LinkedIn post claiming that OpenAI was training on, and exposing, data from private GitHub repositories. Given the seriousness of this claim, our research team immediately set out to investigate.
A quick se…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Seen something similar?
Similar Incidents
Did our AI mess up? Flag the unrelated incidents
Similar Incidents
Did our AI mess up? Flag the unrelated incidents