Microsoft Copilot bug exposed confidential emails

NEW YORK, Feb. 20 — Microsoft said a software bug in Microsoft 365 Copilot Chat caused the AI assistant to summarize some users’ confidential emails stored in Drafts and Sent Items, even when they were labeled confidential, and the company has deployed a fix.

A service alert tracked as CW1226324 said the Copilot “work tab” was processing messages with sensitivity labels and data loss prevention policies, and the issue was first detected Jan. 21, according to BleepingComputer.

How the exposure happened

Copilot Chat is the paid Microsoft 365 enterprise assistant embedded in Outlook and other Office apps, and it could summarize Drafts and Sent Items despite labels, TechCrunch reported.

Microsoft said the behavior did not grant access to anyone who wasn’t already authorized and that access controls and data protection policies remained intact, according to the BBC.

Fix rollout and scope

Microsoft began rolling out a configuration update in early February and said most environments have the fix while a small set of complex environments is still being updated, per an update cited by BleepingComputer.

The company has not disclosed how many organizations were affected and has labeled the incident an advisory, a service issue with limited scope, Computing.co.uk reported.

Why it matters for enterprise AI

Analysts told BBC News that the rapid pace of AI feature releases makes such mistakes likely and underscores the need for tighter governance and opt-in controls.

The Register noted that sensitivity labels and data loss prevention policies are designed to restrict Microsoft 365 Copilot access, highlighting enterprise concerns about how AI tools handle protected data.

How we report: We select the day’s most important stories, confirm facts across multiple reputable sources, and avoid anonymous sourcing. Our goal is clear, balanced coverage you can trust—because transparency and verification matter for informed readers.