Microsoft Copilot Exposing Hidden Repos #technews #cybersecurity #news #hacking

Summary: The video discusses a significant AI security concern regarding Microsoft Copilot, which has been found to cache web pages that contain sensitive data from private GitHub repositories. This discovery highlights the risks associated with “zombie data,” where information that was temporarily public remains accessible despite later being secured.

Keypoints:

  • Microsoft Copilot is generating security concerns due to its caching of sensitive data.
  • The distinction between Microsoft Copilot and GitHub Copilot is acknowledged.
  • Lasso Security reported finding private GitHub repositories exposed by Copilot through cached data from Bing.
  • Copilot has access to data from cached pages indexed by Bing, even if those pages are no longer publicly available.
  • Over 20,000 private repos were found cached and accessible through Copilot.
  • Microsoft initially marked the exposure as low impact but subsequently removed Copilot’s access to the Bing cache within two weeks.
  • This issue underscores the potential dangers of “zombie data,” which can remain available even after being secured.

YouTube Video: https://www.youtube.com/watch?v=kZZWlu5F9Gw
YouTube Channel: Hak5
Video Published: Thu, 06 Mar 2025 17:00:55 +0000