TL;DR: Microsoft Copilot could return data from GitHub repositories that had been public only briefly and later made private, because Bing cached those pages and exposed so-called zombie data, according to Lasso Security. The finding shows that repository privacy, secret hygiene, and retrieval permissions are still leaky at the identity layer, not just the app layer.
NHIMG editorial — based on content published by Lasso Security: Wayback Copilot: Using Microsoft’s Copilot to Expose Thousands of Private GitHub Repositories
By the numbers:
- 300+ private tokens, keys & secrets to GitHub, Hugging Face, GCP, OpenAI, etc. were exposed.
Questions worth separating out
Q: What breaks when a repository is made private after it was briefly public?
A: What breaks is the assumption that privacy changes erase prior discoverability.
Q: Why do private repositories still create secret exposure risk?
A: Private repositories still create risk because source files often contain reusable credentials, tokens, build artefacts, and internal package references.
Q: How do security teams know if cached code exposure is still active?
A: Teams should test the repository name and known file paths in major search engines and AI assistants, then compare results against current repository status.
Practitioner guidance
- Audit for cached repository exposure: inventory repositories that were ever public, even briefly, and test whether cached copies still surface through search or copilots.
- Scan exposed code for reusable secrets: run secret and token detection across any repository that changed from public to private, then rotate credentials that were present in indexed files, build configs, or package metadata.
- Separate repository privacy from retrieval governance: treat indexing, caching, and AI retrieval as distinct access planes with their own controls and owners.
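As an added example (not code from Lasso Security or NHIMG), the following Python audit ties the "how do teams know" question and the first two guidance items together: it flags repositories whose visibility history went public then private, builds the search probes to run for cached copies, and scans their files for the token formats of the providers named in the report. Repository names, file contents and token values are constructed samples, and the regexes are simplified stand-ins for a real secret scanner's rules.

```python
import re
from dataclasses import dataclass, field

# Simplified token formats for the providers named in the report: GitHub classic
# PATs (ghp_ + 36 chars), Hugging Face (hf_ prefix), OpenAI (sk- prefix) and a
# GCP service-account private key block. Tune these to your own scanner's rules.
SECRET_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "huggingface_token": re.compile(r"\bhf_[A-Za-z0-9]{30,}\b"),
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
    "gcp_private_key": re.compile(r"-----BEGIN (?:RSA )?PRIVATE KEY-----"),
}

@dataclass
class Repo:
    name: str
    visibility_history: list                   # visibility over time, oldest first
    files: dict = field(default_factory=dict)  # path -> content

def in_cached_exposure_window(repo):
    """True if the repo was ever public and is private now: a cache built then may still serve it."""
    return "public" in repo.visibility_history and repo.visibility_history[-1] == "private"

def find_secrets(files):
    """Return (path, kind) for every file whose content matches a known token format."""
    return [(path, kind) for path, content in files.items()
            for kind, pattern in SECRET_PATTERNS.items() if pattern.search(content)]

def cache_probe_queries(repo):
    """Search strings to run against engines and assistants to check for cached copies."""
    return [f'"{repo.name}" {path}' for path in repo.files]

def rotation_plan(repos):
    """For each repo in the exposure window, list the secrets that must be rotated."""
    return {r.name: find_secrets(r.files) for r in repos if in_cached_exposure_window(r)}

# Constructed sample inventory; token values are made up and are not real credentials.
SAMPLE_REPOS = [
    Repo("acme/billing-service", ["public", "private"], {
        "config/settings.py": 'OPENAI_API_KEY = "sk-constructedSampleOpenAIKey00"\n',
        ".github/workflows/ci.yml": "token: ghp_0123456789abcdefghij0123456789abcdef\n",
        "README.md": "Billing service\n",
    }),
    Repo("acme/docs", ["public"], {"README.md": "Docs only\n"}),
    Repo("acme/ml-pipeline", ["private"], {
        "train.py": 'HF_TOKEN = "hf_constructedSampleTokenValue000000"\n',
    }),
]
```

Only `acme/billing-service` lands in the rotation plan; `acme/ml-pipeline` still holds a token but was never public, so it is a secret-hygiene finding rather than a cached-exposure one.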
What's in the full report
Lasso Security's full research covers the operational detail this post intentionally leaves for the source:
- Exact BigQuery and Bing workflow used to identify zombie repositories and cached pages
- Examples of public-to-private repositories where Copilot still returned historical content
- Manual validation steps for confirming whether cached pages still expose code or secrets
- Microsoft's response timeline and the partial-remediation problem after cached-link removal
👉 Read Lasso Security's analysis of Wayback Copilot and private GitHub exposure →