- Confidential company information accounts for most data shared across industries
- Copilot opened millions of business registers and thousands of interactions per year. Organization
- Duplicate, stale and orphaned items Connection risk and weakened business data protection
Microsoft Copilot interacts with more sensitive data than many organizations are aware of, new research has warned.
Concentric AI’s 2025 Data Risk Report found that Copilot gained access to almost three million confidential items per year. Organization in the first half of this year alone.
For context, this number represents approx. 55% of all files sharing externally.
Big risks
The results are based on total data from concentric AI customers across industries, including technology, healthcare, government and financial services.
The report noted confidential company information is the majority of files shared across companies.
On average, 57% of the organized shared data contained a form of privileged information. In financial services and healthcare, this figure was closer to 70%.
Organizations also leave large amounts of data exposed.
An average of two million critical business registers per Organization was shared without restrictions that worked for approx. half of unlimited data in general.
More than 400,000 items were shared on average with personal accounts and over 60 percent of them included confidential information.
Copilot activity adds to these concerns. The report found that organizations were, on average, more than 3,000 interactions with copilot, where sensitive business information could potentially be changed or exposed to.
All of this illustrates the risk companies that face when ensuring valuable data when Genai becomes further integrated into daily operations.
The report also pointed to wider data control problems, including duplicate, stale and orphans.
Organizations in the study test had an average of 10 million duplicate data records and almost seven million older than 10 years. Orphaned and inactive user data accounted for millions more.
Cutting, excessive permits and uncontrolled Genai use are combined to increase the risk, and without stronger governance, concentric AI says that organizations could fight to protect intellectual property, financial information and personal data.
