Microsoft has confirmed that a bug in its Office software allowed Copilot AI to process and summarize confidential emails without proper permission.
The issue reportedly affected Microsoft 365 customers for several weeks, even when organizations had data loss prevention (DLP) policies in place to block sensitive information from being accessed by AI systems.
According to reports, the bug — identified internally as CW1226324 — caused draft and sent emails labeled as “confidential” to be incorrectly processed by Microsoft 365 Copilot Chat. This means that protected email content could be read and summarized by the AI assistant despite safeguards meant to prevent such access.
Copilot Chat is available to paying Microsoft 365 customers and integrates AI-powered features across Office apps such as Word, Excel, PowerPoint, and Outlook. The incident raises concerns about how AI tools handle enterprise data, especially when organizations rely on labeling systems and compliance rules to protect sensitive communications.
Microsoft stated that it began rolling out a fix earlier in February. However, the company has not disclosed how many customers were affected or whether any sensitive data was stored or used beyond the summarization process.





