Last Update: 04/05/2026 at 2:50 PM EST
Microsoft Copilot Bypasses Confidential Email Controls
Coverage from CX Today, BleepingComputer, and others
Articles
3
Latest Article
02/20
Active Days
3
Executive Summary
Microsoft 365 Copilot Chat was found summarizing confidential emails despite DLP labels, prompting a fix rollout and renewed concerns over AI data controls.
- Microsoft confirmed a Copilot Chat bug affecting confidential emails in Outlook Drafts and Sent Items
- The flaw let Copilot summarize messages even when sensitivity labels and DLP policies were set
- The issue was first detected on January 21 and tracked as CW1226324
- Microsoft said a fix began rolling out in early February and deployment is being monitored
- Affected customers are being contacted to verify the patch is working
- The incident raised concerns about AI tools bypassing enterprise privacy and governance controls
- NHS England and other public sector users were among the environments flagged in reports
Quick Facts
- What: A bug summarized confidential emails despite DLP protections
- Where: In Microsoft 365 Outlook Drafts and Sent Items
- Why: A code issue bypassed label-based access controls
- Who: Microsoft 365 Copilot Chat users and enterprise customers
- When: Detected January 21 and patched in early February
Coverage Timeline: 3 Days
Featured Article
Microsoft confirmed that a January bug allowed Microsoft 365 Copilot Chat to summarize confidential emails despite DLP labels, and began an early February fix rollout while monitoring deployment across affected customers in EU and UK environments.
Additional Articles
⭐⭐⭐
Microsoft reports a Copilot bug in January 2026 that summarizes confidential emails despite data protection policies.
Microsoft Copilot Chat surfaced confidential emails in Outlook drafts and sent items in January, with a worldwide fix rolled out for enterprise customers.