Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

Copilot Chat Bug Bypasses DLP on 'Confidential' Email

A code error caused Microsoft 365 Copilot to bypass data loss prevention and confidentiality labels, prompting a fix rollout starting early February, Microsoft said.

  • On February 18, 2026, Microsoft confirmed a bug let Microsoft 365 Copilot summarize customers' confidential emails for weeks and logged the incident as an advisory.
  • The issue, traced to a code error, was first detected on January 21, 2026, with Redmond saying it caused Copilot to pick up items it should not have processed under bug CW1226324.
  • In practice, the feature was summarizing emails stored in Sent Items and Drafts folders despite sensitivity labels and DLP policies, Microsoft said.
  • Microsoft began rolling out a fix in early February and is monitoring the deployment while contacting a subset of affected users, though it has not disclosed a final timeline or affected customer numbers.
  • In the enterprise context, Microsoft documentation shows sensitivity labels may function differently across apps, while 72 percent of S&P 500 companies cite AI as a material risk despite DLP and Microsoft Purview protections.
Insights by Ground AI

15 Articles

MashableMashable
Left

Microsoft Copilot read confidential emails without permission

Microsoft says its AI tool Copilot was summarizing business users' confidential emails without permission.

·United States
Read Full Article
The RegisterThe Register
Center

Copilot Chat bug bypasses DLP on 'Confidential' email

: Data Loss Prevention? Yeah, about that...

Read Full Article
Inc.Inc.
Center

A Microsoft Copilot Bug Has Been Exposing Confidential Emails—Are You Affected?

The company is working on deploying a fix for impacted users.

Read Full Article
TechCrunchTechCrunch
Center

Microsoft says Office bug exposed customers' confidential emails to Copilot AI

Microsoft said the bug meant that its Copilot AI chatbot was reading and summarizing paying customers' confidential emails, bypassing data-protection policies.

·United States
Read Full Article
BleepingComputerBleepingComputer
Reposted by
slashdot.orgslashdot.org
Center

Microsoft says bug causes Copilot to summarize confidential emails

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.

Read Full Article
igor´sLABigor´sLAB

Microsoft Under Pressure: Microsoft Copilot Ignores Dlp Rules and Displays Confidential Content

When compliance becomes a mere formality, a single programming error is all it takes – and the most sophisticated security architecture collapses. That's precisely what happened with Microsoft Copilot. A bug in the code allowed the AI assistant to display confidential content from Outlook folders, even though it was protected by Data Loss Prevention and sensitivity labels. The problem wasn't […] Source

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 80% of the sources are Center
80% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Wednesday, February 18, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Microsoft icon

Microsoft

Technology icon

Technology

Artificial Intelligence icon

Artificial Intelligence

Redmond, Washington icon

Redmond, Washington

Big Tech and Platforms icon

Big Tech and Platforms

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal