Private GitHub Repos Still Reachable Through Copilot After Being Made Private

GitHub not working
Agencies Ghacks
Feb 26, 2025
Development, Misc
|
0

Security researchers have discovered that thousands of GitHub repositories, which were once publicly accessible but have since been made private, remain accessible through AI-powered tools like GitHub Copilot. This issue highlights the persistent nature of data exposure on the internet, where information, even if briefly public, can be retained and utilized by generative AI systems long after it has been restricted.

GitHub Copilot, developed by GitHub in collaboration with OpenAI and Microsoft, is an AI-based coding assistant that suggests code snippets and completions to developers. It has been trained on a vast corpus of publicly available code, enabling it to provide contextually relevant suggestions. However, this training data includes code from repositories that were public at the time of training but have since been made private. As a result, Copilot may still generate code suggestions based on content from these now-private repositories.

This situation raises significant concerns about data privacy and security. Developers who inadvertently exposed sensitive information in public repositories, even for a short duration, may find that this data has been ingested by AI models and can still be accessed indirectly through tools like Copilot. This underscores the importance of exercising caution when sharing code publicly and the challenges of completely retracting information once it has been exposed online.

In response to these concerns, GitHub has implemented features to enhance transparency and control over AI-generated code suggestions. For instance, Visual Studio now supports code referencing for GitHub Copilot completions, allowing developers to verify if suggestions are based on public code, which could have licensing implications. This feature provides detailed information on any public code matches found, enabling developers to make informed decisions about incorporating suggested code into their projects.

Despite these measures, the incident serves as a reminder of the enduring nature of data once it has been made public. Developers are advised to thoroughly review their code for sensitive information before making it public and to be aware that, even after making a repository private, previously exposed data may still be accessible through AI tools trained on prior public data.

Source: Techcrunch

Advertisement

Related content

Windows 11 Insider Preview Build 23521 brings new options to the Snipping Tool, Never Combined Mode for Taskbar

Microsoft Confirms Build 2025 Dates: Here’s When to Tune In
Claude AI's upcoming voice feature will transform user experience

EU’s New AI Law Bans ‘High-Risk’ Systems: here’s what that means

Meet UI-TARS: The Open-Source AI Agent Taking Tech by Storm

Github Copilot vs ChatGPT: Which one is better for coding?
The "CSS position not sticky not working" error is very frustrating for many and we are here to tell you how to fix it.

CSS position sticky not working: How to fix it?
Nowadays, voice actors are training the AI that is ready to take their place in the industry and some actors are furious about the change.

Voice actors are training the AI which will be their replacement

Tutorials & Tips

How to delete all Google history from every device

The only Starfield performance optimization guide you need

How to fix Disney+ Hotstar Error code: PB_WEB_DR-6007-001_X

How to fix Roblox error code 277: Explained


Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2025 - All rights reserved