Microsoft’s Copilot AI Assistant Exposes Private GitHub Repositories: A Wake-Up Call for Developers
In a shocking revelation, AI security firm Lasso has discovered that Microsoft’s Copilot AI assistant is exposing the contents of over 20,000 private GitHub repositories, including those belonging to major companies like Google, Intel, Huawei, PayPal, IBM, Tencent, and even Microsoft itself. These repositories, which were originally made public but later set to private, contain sensitive information such as authentication credentials, private encryption keys, and other confidential data.
The issue stems from the cache mechanism in Bing, which indexed the pages when they were publicly available and never removed the entries even after the pages were changed to private on GitHub. Since Copilot uses Bing as its primary search engine, the private data remains accessible through the AI chatbot. This means that anyone using Copilot can still view the contents of these private repositories, even after they were supposed to be protected.
The Consequences of Publicly Available Code
This is not the first time we’ve seen developers making the same mistake. In fact, it’s a common phenomenon that has been occurring for over a decade. Developers often embed sensitive information directly into their code, despite best practices that recommend inputting data through more secure means. When this code is made publicly available, it can lead to serious security breaches.
When developers realize their mistake, they often make the repository private in an attempt to contain the fallout. However, as Lasso’s findings show, simply making the code private isn’t enough. Once exposed, credentials are irreparably compromised, and the only recourse is to rotate all credentials.
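An added example (not from Lasso, Microsoft or the original article) of building the rotation list the paragraph above calls for: it walks constructed `git log -p --reverse` output and reports every credential that was ever added, including one deleted in a later commit. The two patterns, the sample log and the name `rotation_list` are assumptions made for this illustration.

```python
import re
# Two well-known credential shapes; a real scanner would carry many more rules.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed sample in the shape of `git log -p --reverse` output (oldest first).
SAMPLE_LOG = """\
commit 1111111
diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,2 @@
+REGION = "us-east-1"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
commit 2222222
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
 REGION = "us-east-1"
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]
commit 3333333
diff --git a/deploy.key b/deploy.key
--- /dev/null
+++ b/deploy.key
@@ -0,0 +1 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
"""

def rotation_list(log_text):
    """Map (rule, matched text) -> where it first appeared and whether HEAD still has it."""
    found, commit, path, in_hunk = {}, None, None, False
    for line in log_text.splitlines():
        if line.startswith(("commit ", "diff --git")):
            in_hunk = False  # headers end the previous hunk
            commit = line.split()[1] if line.startswith("commit ") else commit
        elif not in_hunk and line.startswith("+++ b/"):
            path = line[6:]
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line[:1] in ("+", "-"):
            for rule, rx in PATTERNS.items():
                for m in rx.finditer(line[1:]):
                    entry = found.setdefault((rule, m.group()), {"first_seen": commit, "file": path})
                    entry["in_head"] = line[0] == "+"  # simplification: last add/remove wins
    return found  # every key needs rotating, whether or not in_head is True
```

The AWS key in the sample is removed in the second commit, yet it stays on the list: anything indexed while the repository was public has to be treated as disclosed.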
The Partial Fix and the Ongoing Issue
Microsoft introduced changes to fix the issue, but Lasso’s investigation revealed that the fix was only partial. While public access to the cached data was blocked, the underlying data remained accessible to Copilot. This means that the AI assistant can still access the private data, making it available to users who ask.
What Can Developers Do?
Lasso’s findings serve as a wake-up call for developers to take a closer look at their code and repository management practices. Here are some simple steps anyone can take to find and view the same massive trove of private repositories:
- Use Bing’s cached link feature to search for private repositories.
- Use Copilot to access the private repositories.
- Review the code and repository management practices to ensure sensitive information is not publicly available.
Conclusion
The exposure of private GitHub repositories through Microsoft’s Copilot AI assistant is a stark reminder of the importance of secure code management practices. Developers must take responsibility for protecting their sensitive information and ensure that it is not publicly available. By following best practices and rotating credentials regularly, developers can minimize the risk of security breaches and protect their intellectual property.
In the meantime, Microsoft must take further action to address the ongoing issue and ensure that Copilot is not exposing private data. As the trusted source in a sea of information, Ars Technica will continue to separate the signal from the noise and provide you with the most important updates on the latest technological advancements.