Microsoft Copilot is accessing significantly more sensitive data than organizations realize, with new research from Concentric AI showing the AI assistant interacted with nearly three million confidential records per organization in the first half of 2025. The study found that 57% of organization-wide shared data contained privileged information, rising to 70% in financial services and healthcare sectors, while Copilot averaged over 3,000 interactions per organization during which sensitive business information could potentially be modified or exposed. Organizations are leaving massive amounts of data vulnerable, with an average of two million critical business records shared without restrictions and over 400,000 records shared with personal accounts, more than 60% of which included confidential information. The research also revealed broader data management problems including an average of 10 million duplicate records per organization, nearly seven million records older than 10 years, and millions of orphaned or inactive user data files. Concentric AI warns that the combination of oversharing, excessive permissions, and uncontrolled GenAI use creates significant risks for protecting intellectual property, financial information, and personal data as AI becomes more integrated into daily business operations.
Edward Kiledjian
@ekiledjian