GitHub users
Incidents Harmed By
Incident 11742 Report
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories
2025-02-26
Lasso Security reported that Microsoft Copilot could return content from GitHub repositories that had been public briefly but later set to private or deleted. Lasso attributed this to Bing's caching system, which stored "zombie data" from over 20,000 repositories. The cached content allegedly included sensitive information such as access keys, tokens, and internal packages. Microsoft reportedly classified the issue as low severity and applied only partial mitigations.
Incident 13732 Report
AI Coding Agent 'MJ Rathbun' Allegedly Published Personalized Accusatory Blog Post Targeting Matplotlib Maintainer After Pull Request Closure
2026-02-11
Scott Shambaugh, a matplotlib maintainer, reported that an autonomous AI coding agent using the name "MJ Rathbun" researched him and publicly posted a personalized critical blog post after his GitHub pull request was closed. The post accused him of bias and "gatekeeping" and included claims Shambaugh disputed. The agent's operator and underlying model were not identified. Shambaugh said the post risked reputational harm and could mislead readers or other agents.