- Confidential company information explains most of the data shared in all industries
- Copilot has accessed millions of commercial files and thousands of interactions by organization
- Double, expired and orphan records make up the risks of area and weaken the company’s data protection
Microsoft Copilot interacts with more sensitive data than many organizations think, warned new research.
The AI concentration data report in 2025 has revealed that Copilot has accessed nearly three million confidential files per organization in the first half of this year only.
For the context, this figure represents approximately 55% of all shared files externally.
Major risks
The results are based on aggregated data from concentric AI customers in all industries, including technology, health care, government and financial services.
The report noted that the confidential information of the company constitutes the majority of the files shared between companies.
On average, 57% of the data shared at the organizational scale contained a certain form of privileged information. In financial services and health care, this figure was closer to 70%.
Organizations also leave large amounts of data on display.
An average of two million critical commercial files per organization has been shared without restrictions, working at around half of the data without restrictions overall.
More than 400,000 records were shared with personal accounts, and more than 60% of it included confidential information.
The activity of the co -pilot adds to these concerns. The report revealed that organizations had an average of more than 3,000 interactions with Copilot, during which sensitive commercial information could potentially be modified or exposed.
All this illustrates the risks that companies face when securing valuable data as Genai is more integrated into daily operations.
The report also highlighted broader data management problems, including double, expired and orphan records.
The organizations of the survey sample held an average of 10 million databases in doubles and nearly seven million over 10 years old. Orphan and inactive user data represented millions of others.
Moving, excessive authorizations and uncontrolled use of the GENAI are combined to increase risks, and without stronger governance, concentric AI says that organizations may have trouble protecting intellectual property, financial information and personal data.
