- The company’s confidential information has for most of the data shared in all industries
- Copilot accessed millions of commercial records and thousands of interactions per organization
- Duplicate, obsolete and orphaned records The compound on the risks of overvalting and weakening the protection of business data
Microsoft Copilot is interacting with more sensitive data than many organizations realize, warned new research.
The 2025 Data Risk Report of Concentric AI found that Copilot accessed almost three million confidential records per organization only in the first half of this year.
For the context, that figure represents approximately 55% of all files that are shared externally.
Main risks
The findings are based on aggregate data of concentric customers in all industries, including technology, medical care, government and financial services.
The report noted that the company’s confidential information constitutes most of the files that are shared between companies.
On average, 57% of the shared data of the entire organization contained some form of privileged information. In financial services and medical care, that figure was closer to 70%.
Organizations are also leaving large amounts of exposed data.
An average of two million critical commercial records were shared per organization without restrictions, exercising approximately half of the data without restrictions in general.
More than 400,000 records on average were shared with personal accounts, and more than 60 percent of them included confidential information.
Copilot’s activity adds to these concerns. The report found that organizations averaged more than 3,000 interactions with co -pilot, during which confidential commercial information could be modified or exposed.
All this illustrates the risks that companies face by obtaining valuable data as Genai integrates even more in daily operations.
The report also indicated broader data management problems, including duplicate, rancid and orphaned records.
Organizations in the survey sample had an average of 10 million duplicate data records and almost seven million more than 10 years. H orphaned and inactive user data represented millions.
On the exchange of excessive permits and the un controlled use of Genai are combined to increase the risk, and without a stronger governance, the concentric AI says that organizations could have difficulties in protecting intellectual property, financial information and personal data.
