Microsoft says a Microsoft 365 Copilot bug has been inflicting the AI assistant to summarize confidential emails since late January, bypassing knowledge loss prevention (DLP) insurance policies that organizations depend on to guard delicate data.
In keeping with a service alert seen by BleepingComputer, this bug (tracked below CW1226324 and first detected on January 21) impacts the Copilot “work tab” chat characteristic, which incorrectly reads and summarizes emails saved in customers’ Despatched Objects and Drafts folders, together with messages that carry confidentiality labels explicitly designed to limit entry by automated instruments.
Copilot Chat (quick for Microsoft 365 Copilot Chat) is the corporate’s AI-powered, content-aware chat that lets customers work together with AI brokers. Microsoft started rolling out Copilot Chat to Phrase, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 enterprise clients in September 2025.
“Customers’ e-mail messages with a confidential label utilized are being incorrectly processed by Microsoft 365 Copilot chat,” Microsoft mentioned when it confirmed this subject.
“The Microsoft 365 Copilot ‘work tab’ Chat is summarizing e-mail messages despite the fact that these e-mail messages have a sensitivity label utilized and a DLP coverage is configured.”
Microsoft has since confirmed that an unspecified code error is accountable and mentioned it started rolling out a repair in early February. As of Wednesday, the corporate mentioned it was persevering with to watch the deployment and is reaching out to a subset of affected customers to confirm that the repair is working.
“A code subject is permitting objects within the despatched objects and draft folders to be picked up by Copilot despite the fact that confidential labels are set in place,” Microsoft added.
Microsoft has not offered a last timeline for full remediation and has not disclosed what number of customers or organizations have been affected, saying solely that the scope of affect could change because the investigation continues.
Nonetheless, this ongoing incident has been tagged as an advisory, a flag generally used to explain service points sometimes involving restricted scope or affect.
Trendy IT infrastructure strikes sooner than handbook workflows can deal with.
On this new Tines information, find out how your crew can scale back hidden handbook delays, enhance reliability by way of automated response, and construct and scale clever workflows on high of instruments you already use.
