• Business

    Microsoft Copilot has access to three million sensitive data records per organization, wide-ranging AI survey finds – here’s why it matters

    AnyFans Posted on

    By Wayne Williams

    Copyright techradar

    Microsoft Copilot has access to three million sensitive data records per organization, wide-ranging AI survey finds - here's why it matters

    Skip to main content

    Tech Radar Pro

    Tech Radar Gaming

    Close main menu

    the business technology experts

    België (Nederlands)

    Deutschland

    North America

    US (English)

    Australasia

    New Zealand

    View Profile

    Search TechRadar

    Expert Insights

    Website builders

    Web hosting

    Best web hosting
    Best office chairs
    Best website builder
    Best antivirus
    Expert Insights

    Don’t miss these

    Insider risk on the rise as survey finds 50% of employees have too much privileged access – and AI will make it far worse

    How GenAI complacency is becoming cybersecurity’s silent crisis

    ChatGPT hit by a zero-click, server-side vulnerability that criminals can use to siphon sensitive data – here’s how to stay safe

    Many bosses don’t believe their workers have good enough security awareness

    AI in the workplace: the legal risks businesses can’t afford to ignore

    Tackling Shadow AI: how UK businesses can mitigate the risks

    Convenience over privacy? Nearly one in three Brits sharing confidential information with AI chatbots

    How AI resurrected an unsolved security problem — data sprawl

    AI “set to supercharge insider threats” – as cybersecurity professionals warn of an impending AI agent onslaught

    The AI Triple Threat: mitigating the dangers of AI adoption with identity security

    Navigating the rise of Shadow AI in project-based businesses

    “We’re putting our money where our mouth is” – CyXcel reveals it’s one stop digital risk shop

    Unified data, smarter AI: how to unlock business value responsibly

    Insider breaches are a bigger security threat than ever before – here’s how your business can stay safe

    AI Platforms & Assistants
    Is your job safe from AI? A new report reveals one role that’s surprisingly at risk

    Microsoft Copilot has access to three million sensitive data records per organization, wide-ranging AI survey finds – here’s why it matters

    Wayne Williams

    27 September 2025

    New report shows just how problematic AI in business can be

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

    (Image credit: Windows Latest / Microsoft)

    Confidential company information accounts for most data being shared across industries
    Copilot accessed millions of business records and thousands of interactions per organization
    Duplicate, stale, and orphaned records compound oversharing risks and weaken enterprise data protection

    Microsoft Copilot is interacting with more sensitive data than many organizations realize, new research has warned.

    Concentric AI’s 2025 Data Risk Report found Copilot accessed almost three million confidential records per organization in the first half of this year alone.
    For context, that figure represents roughly 55% of all files being shared externally.

    You may like

    Insider risk on the rise as survey finds 50% of employees have too much privileged access – and AI will make it far worse

    How GenAI complacency is becoming cybersecurity’s silent crisis

    ChatGPT hit by a zero-click, server-side vulnerability that criminals can use to siphon sensitive data – here’s how to stay safe

    Major risks
    The findings are based on aggregated data from Concentric AI customers across industries including technology, healthcare, government, and financial services.

    The report noted confidential company information makes up the majority of files being shared across businesses.
    On average, 57% of organization-wide shared data contained some form of privileged information. In financial services and healthcare that figure was closer to 70%.
    Organizations are also leaving large amounts of data exposed.

    Are you a pro? Subscribe to our newsletter
    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
    Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
    An average of two million critical business records per organization were shared with no restrictions, working out to about half of unrestricted data overall.
    More than 400,000 records on average were shared with personal accounts, and over 60 percent of those included confidential information.
    Copilot activity is adding to these worries. The report found organizations averaged more than 3,000 interactions with Copilot, during which sensitive business information could potentially be modified or exposed.

    You may like

    Insider risk on the rise as survey finds 50% of employees have too much privileged access – and AI will make it far worse

    How GenAI complacency is becoming cybersecurity’s silent crisis

    ChatGPT hit by a zero-click, server-side vulnerability that criminals can use to siphon sensitive data – here’s how to stay safe

    This all illustrates the risk enterprises face when securing valuable data as GenAI becomes further integrated into daily operations.
    The report also pointed to broader data management problems, including duplicate, stale, and orphaned records.
    Organizations in the survey sample held an average of 10 million duplicate data records and nearly seven million older than 10 years. Orphaned and inactive user data accounted for millions more.
    Oversharing, excessive permissions and uncontrolled GenAI use combine to increase risk, and without stronger governance, Concentric AI says organizations could struggle to protect intellectual property, financial information and personal data.
    You might also like

    Masked, not erased: how broken redaction fuels AI data leaks
    Microsoft Copilot targeted in first “zero-click” attack on an AI agent
    AI: What they don’t tell you (but you need to know)

    Wayne Williams

    Social Links Navigation

    Wayne Williams is a freelancer writing news for TechRadar Pro. He has been writing about computers, technology, and the web for 30 years. In that time he wrote for most of the UK’s PC magazines, and launched, edited and published a number of them too.

    You must confirm your public display name before commenting

    Please logout and then login again, you will then be prompted to enter your display name.

    Insider risk on the rise as survey finds 50% of employees have too much privileged access – and AI will make it far worse

    How GenAI complacency is becoming cybersecurity’s silent crisis

    ChatGPT hit by a zero-click, server-side vulnerability that criminals can use to siphon sensitive data – here’s how to stay safe

    Many bosses don’t believe their workers have good enough security awareness

    AI in the workplace: the legal risks businesses can’t afford to ignore

    Tackling Shadow AI: how UK businesses can mitigate the risks

    Latest in Pro

    Watch out – hackers are using AI to make phishing emails even more convincing

    Nearly 150,000 patient records exposed in major healthcare data breach – here’s what we know

    This devious malware has jumped from Meta over to Google Ads and YouTube to spread – here’s how to stay safe

    Microsoft flags dangerous XCSSET macOS malware targeting developers – so be on your guard

    I helped create Amazon’s Alexa – here’s why I think businesses should embrace humanity’s analogous imperfection to succeed

    US Government tells agencies to patch Cisco firewalls immediately, or face attack

    Latest in News

    New Samsung Galaxy Z Tri-fold leaks hint at key software and camera zoom features

    You can now use Google’s viral Nano Banana AI directly in Photoshop

    ICYMI: the week’s 7 biggest tech stories from Apple’s response to ‘Scratchgate’ and the ROG Xbox Ally’s price reveal

    The Esquisse Camera looks like the pocketable rangefinder that photographers wish Panasonic or Sony would make

    Sticking with Windows 10 next month? Here’s what you need to know about your choices and risks you might be taking

    Quordle hints and answers for Saturday, September 27 (game #1342)

    LATEST ARTICLES

    Got an Xbox Series X/S for Christmas? Do these 5 things right now

    TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

    Contact Future’s experts

    Terms and conditions

    Privacy policy

    Cookies policy

    Advertise with us

    Web notifications

    Accessibility Statement

    Future US, Inc. Full 7th Floor, 130 West 42nd Street,

    Please login or signup to comment

    Please wait…

    You Might Also Like