Microsoft 365 Copilot Bug Exposes Confidential Emails, Bypasses Security Protections

Microsoft 365 Copilot bug exposes confidential emails by bypassing security protections, allowing the AI assistant to incorrectly summarize sensitive messages from users' Sent Items and Drafts folders since late January, with Microsoft now deploying fixes.

• Microsoft confirms a bug in Microsoft 365 Copilot causes the AI assistant to summarize confidential emails since late January, bypassing data loss prevention policies designed to protect sensitive information
• The bug affects Copilot's 'work tab' chat feature which incorrectly reads and summarizes emails in users' Sent Items and Drafts folders, including messages with confidentiality labels that should restrict automated access
• Microsoft begins rolling out a fix in early February and continues monitoring the deployment, though no final timeline for full remediation or number of affected users has been disclosed