Microsoft’s AI tool, Copilot, has been found to access nearly three million sensitive data records per organization, according to the latest findings from the 2025 Data Risk Report by Concentric AI. This figure, reported in the first half of 2023, highlights the significant volume of confidential information being shared across various industries, raising alarms about data security practices.
The report indicates that approximately 55% of all files shared externally contain confidential company information. In sectors such as financial services and healthcare, this percentage rises dramatically, reaching around 70%. The findings underscore the urgent need for organizations to reassess their data management strategies, particularly in light of increasing insider risks.
According to the report, organizations are sharing an average of two million critical business records without any restrictions. This unrestricted data comprises nearly half of the overall data shared. Alarmingly, more than 400,000 records are shared with personal accounts, with over 60% of these containing sensitive information. Such practices not only expose companies to potential breaches but also complicate compliance with data protection regulations.
Understanding the Risks of Copilot Interactions
The report also highlights that organizations average over 3,000 interactions with Copilot, during which sensitive business information could be at risk of unauthorized modification or exposure. This growing interaction with AI tools raises concerns about the adequacy of existing data governance frameworks.
Concentric AI’s findings reveal broader data management challenges, including the prevalence of duplicate, stale, and orphaned records. On average, organizations surveyed maintain 10 million duplicate records, along with nearly seven million files older than ten years. The accumulation of these records not only complicates data management but also increases the risk of oversharing and data breaches.
As AI tools become more integrated into routine operations, the report emphasizes that organizations must prioritize strengthening their governance policies. Without robust measures in place, companies may struggle to protect their intellectual property, financial information, and personal data.
The Path Forward for Data Protection
The research from Concentric AI serves as a critical reminder of the vulnerabilities inherent in the current landscape of data sharing and management. With the increasing reliance on AI technologies, organizations must take proactive steps to address these risks. Implementing stricter access controls and regular audits of data permissions may help mitigate the potential for breaches.
As companies navigate the complexities of data sharing, the findings from the 2025 Data Risk Report offer valuable insights into the pressing need for enhanced data security measures. By addressing these issues, organizations can better safeguard their sensitive information and maintain the trust of their stakeholders in an increasingly digital world.
