Microsoft Copilot has access to three million sensitive data records per organization, wide-ranging AI survey finds - here's why it matters (www.techradar.com)

🤖 AI Summary
Concentric AI’s 2025 Data Risk Report warns that Microsoft Copilot is touching far more sensitive enterprise data than many organizations realize: in H1 2025 Copilot accessed nearly three million confidential records per organization on average, roughly 55% of externally shared files. The report—based on aggregated customers across technology, healthcare, government and financial services—found 57% of shared data contained privileged information (about 70% in finance and healthcare). Firms also leave large volumes of data exposed: an average of two million critical business records were shared with no restrictions, 400,000+ records were shared to personal accounts (60% of those confidential), and organizations averaged over 3,000 Copilot interactions where sensitive content could be modified or exposed. Beyond direct Copilot exposure, the study highlights systemic data hygiene problems that multiply risk: average holdings included ~10 million duplicate records, ~7 million records older than 10 years, plus millions of orphaned/inactive user entries. Concentric cautions that oversharing, excessive permissions and uncontrolled GenAI use increase the attack surface and threaten IP, financial and personal data. For the AI/ML community this underscores the need for stronger governance—data classification, DLP, least-privilege access, logging/auditing, model input sanitization and retrieval controls—before integrating LLM assistants into routine workflows.