Microsoft says a bug in Microsoft 365 Copilot caused the AI assistant to summarize emails labeled confidential, bypassing data loss prevention (DLP) policies relied on by enterprise customers.
The issue was first detected on January 21st and tracked internally under CW1226324, BleepingComputer reports.
It affected the Copilot “work tab” chat feature, which incorrectly read and summarized emails stored in users’ Sent Items and Drafts folders, including messages protected by sensitivity labels.
Microsoft acknowledges the problem in a service alert.
“Users’ email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat. The Microsoft 365 Copilot ‘work tab’ chat is summarizing email messages even though these email messages have a sensitivity label applied and a DLP policy is configured.”
The company says an unspecified code issue allowed items in the Sent Items and Drafts folders to be picked up by Copilot despite confidentiality protections.
Microsoft 365 Copilot Chat is the company’s AI-powered, content-aware chat tool that enables users to interact with AI agents across applications, including Word, Excel, PowerPoint, Outlook and OneNote. The feature began rolling out to paying Microsoft 365 business customers in September 2025.
Microsoft says it began deploying a fix in early February and continues to monitor the rollout, contacting a subset of affected users to confirm that the remediation is working. The incident has been tagged as an advisory, a designation typically used for service issues with limited scope or impact.
After publication of the report, a Microsoft spokesperson provided an additional statement clarifying the scope of the issue.
“We identified and addressed an issue where Microsoft 365 Copilot Chat could return content from emails labeled confidential authored by a user and stored within their Draft and Sent Items in Outlook desktop. This did not provide anyone access to information they weren’t already authorized to see. While our access controls and data protection policies remained intact, this behavior did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access. A configuration update has been deployed worldwide for enterprise customers.”
Microsoft has not disclosed how many users or organizations were affected and has not provided a final timeline for full remediation, saying the scope of impact may change as the investigation continues.

