
Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.
According to a service alert seen by BleepingComputer, this bug (tracked under CW1226324 and first detected on January 21) affects the Copilot "work tab" chat feature, which incorrectly reads and summarizes emails stored in users' Sent Items and Drafts folders, including messages that carry confidentiality labels explicitly designed to restrict access by automated tools.
Copilot Chat (short for Microsoft 365 Copilot Chat) is Microsoft's AI-powered, content-aware chat interface, which lets users interact with AI agents. Microsoft began rolling it out to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers in September 2025.
"Users' email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat," Microsoft said when it confirmed this issue.
"The Microsoft 365 Copilot 'work tab' Chat is summarizing email messages even though these email messages have a sensitivity label applied and a DLP policy is configured."
Microsoft has since confirmed that an unspecified code error is responsible and said it began rolling out a fix in early February. As of Wednesday, the company said it was continuing to monitor the deployment and reaching out to a subset of affected users to verify that the fix is working.
"A code issue is allowing items in the sent items and draft folders to be picked up by Copilot even though confidential labels are set in place," Microsoft added.
Microsoft has not provided a final timeline for full remediation and has not disclosed how many users or organizations were affected, saying only that the scope of impact may change as the investigation continues.
However, this ongoing incident has been tagged as an advisory, the flag Microsoft uses for service issues it considers to have limited scope or impact.
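Because Microsoft has not said which tenants or mailboxes were affected, administrators who want to know whether Copilot Chat touched labelled mail in their own tenant during the incident window have to look at their own telemetry. The following PowerShell is an added example, not code from the article or from Microsoft: it pulls CopilotInteraction records from the Microsoft 365 unified audit log and lists the accessed resources that carry a sensitivity label. It assumes the ExchangeOnlineManagement module, an account with audit-log read rights, and that the CopilotInteraction AuditData payload exposes CopilotEventData.AccessedResources entries with Name, Type and SensitivityLabelId properties; verify those property names against a real record from your tenant before relying on the output.

```powershell
# Added example, not from the article or Microsoft.
# Lists Copilot Chat interactions whose accessed resources carried a sensitivity label,
# so labelled Sent Items / Drafts that Copilot summarized during the incident window show up.
# Requires: ExchangeOnlineManagement module; audit-log read permission (e.g. View-Only Audit Logs).
# ASSUMPTION: AuditData has CopilotEventData.AccessedResources[] with Name/Type/SensitivityLabelId.

Connect-ExchangeOnline

# Jan 21 is the first-detection date in the service alert; adjust the year/range for your tenant.
$start = Get-Date '2026-01-21'
$end   = Get-Date

# Page through the log; ReturnLargeSet caps the total at 50,000 per session.
$sessionId = "copilot-label-review-$(Get-Date -Format yyyyMMddHHmmss)"
$records = @()
do {
    $batch = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType CopilotInteraction -SessionId $sessionId `
        -SessionCommand ReturnLargeSet -ResultSize 5000
    if ($batch) { $records += $batch }
} while ($batch -and $batch.Count -eq 5000)

# Flatten each interaction into one row per labelled resource it touched.
$findings = foreach ($r in $records) {
    $data = $r.AuditData | ConvertFrom-Json
    foreach ($res in $data.CopilotEventData.AccessedResources) {
        if ($res.SensitivityLabelId) {
            [pscustomobject]@{
                When     = $r.CreationDate
                User     = $r.UserIds
                AppHost  = $data.CopilotEventData.AppHost
                Resource = $res.Name
                Type     = $res.Type
                LabelId  = $res.SensitivityLabelId
            }
        }
    }
}

# Resolve label GUIDs to display names (Get-Label lives in Security & Compliance PowerShell).
Connect-IPPSSession
$labels = @{}
Get-Label | ForEach-Object { $labels[$_.Guid.ToString()] = $_.DisplayName }

$findings |
    Select-Object When, User, AppHost, Resource, Type, @{ n = 'Label'; e = { $labels[$_.LabelId] } } |
    Sort-Object When |
    Format-Table -AutoSize
```

Two caveats when reading the output. Copilot interactions only appear in the unified audit log when auditing is enabled for the tenant and the user is licensed for Copilot, so an empty result is not proof of no impact. And, per Microsoft's statement, the content involved was the user's own authored mail, so a hit here indicates that labelled content was processed contrary to policy, not that another user saw it.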
Update February 19, 12:17 EST: After the article was published, Microsoft reached out with a statement.
"We identified and addressed an issue where Microsoft 365 Copilot Chat could return content from emails labeled confidential authored by a user and stored within their Draft and Sent Items in Outlook desktop. This did not provide anyone access to information they weren’t already authorized to see," a Microsoft spokesperson told BleepingComputer.
"While our access controls and data protection policies remained intact, this behavior did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access. A configuration update has been deployed worldwide for enterprise customers."
Update February 20, 05:13 EST: Microsoft has updated the service alert, stating that the root cause behind this issue has been addressed.
"Our targeted code fix to prevent further impact is moving forward and has saturated across the majority of affected environments. Our deployment remains in progress only for a small section of our more complex service environments," Microsoft noted. "As such, we believe the root cause of this issue has been addressed for most customers, and no new email messages for customers who have received the fix will be affected moving forward."




Comments
b1k3rdude - 1 month ago
Bug they say.. yer suuure.
Love seeing stuff like this, because it's just another nail in the coffin that is the b$ that is "AI"
ken_smon - 1 month ago
"Oops. Sorry. We were just reading those emails for our internal use. We did not mean to show you that we were reading them. It was 'an unspecified code error'."
Sure it was.
2022computerissues - 1 month ago
Just wait until they start calling copilot as a witness in criminal trials.
"Mr. Copilot please summarize all immoral, sleazy, or illegal things your owner does on his computer. Be as graphic and specific as possible please."
wpontius - 1 month ago
Ever heard of privacy, error trapping or secure programming? MYOB Microsloppy!!!
JohnC_21 - 1 month ago
Done with MicroSlop's Windows and all its AI garbage, i.e. AI in what was a simple text editor.
Moving last Windows 10 computer to Linux after ESU expires.
ken_smon - 1 month ago
I wish I could do the same.
I have exactly one mission-critical application I need for work that ONLY runs in Windows. No Linux, no Mac, no nothing.
If I did not literally have it running 8 hours a day, I would be done with Windows.
deltasierra - 1 month ago
Microslop just about had a rather beefy legal issue on their hands with this one.
Their "deliver today, fix tomorrow" ethos is going to cost them dearly someday. Heck, they're already the kids that get burned from playing with fire. Everyone else is learning from their mistakes, lol, but there's always going to be the bold ones that aren't afraid to make them.
That's the only thing that MS has that's of any real value: free life lessons!!
Elastoer - 1 month ago
As long as Microsoft keeps breaking their Operating System through self-inflicted wounds, I remain gainfully employed.