Last year, Microsoft integrated Copilot Chat into Word, Excel, PowerPoint, and Outlook. Recently, a technical flaw created a serious problem. Reports say a Microsoft 365 Copilot bug allowed the AI assistant to summarise confidential Outlook emails for several weeks without permission.
The issue also bypassed organisations’ Data Loss Prevention (DLP) security policies, which protect sensitive data. Microsoft has released a fix, but the incident has raised major privacy concerns. Companies usually apply confidential labels in Outlook to secure sensitive communication and block automated access.
How the Copilot Bug Accessed Confidential Emails
Microsoft told Bleeping Computer that the bug enabled Copilot to summarise confidential emails from late January. Engineers first detected the issue (CW1226324) on January 21, and it affected the Copilot Work tab chat feature.
Because of the flaw, Copilot accessed emails stored in users’ Sent Items and Drafts folders and created summaries. The system even processed emails marked with confidential labels that should have blocked automated processing. Reports say the bug ignored DLP safeguards that organisations rely on to secure private information.
Microsoft also confirmed that Microsoft 365 Copilot Chat incorrectly handled emails with confidential labels. The Work tab chat feature generated summaries even though sensitivity labels and DLP protections remained active.
Microsoft Releases Fix and Monitors Impact
Microsoft linked the issue to a coding error and started rolling out a fix in early February. The company continues to monitor the deployment and has contacted some affected users to confirm the fix works properly.
Microsoft has not disclosed how many users the bug affected.
AI Expansion Continues
The incident comes as Microsoft expands AI features across Outlook, Word, Excel, and PowerPoint. The company also launched AI-powered shopping tools for Copilot in the Edge browser last year.
SEO Keywords:
Microsoft Copilot bug, Outlook confidential emails, Microsoft 365 Copilot privacy issue, Copilot Outlook security flaw, Microsoft AI email summary issue, Data Loss Prevention DLP Microsoft, Copilot Work tab bug, Outlook security vulnerability, Microsoft AI privacy concerns, Copilot Edge AI shopping features