Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive data.
According to a service alert seen by BleepingComputer, this bug (tracked under CW1226324 and first detected on January 21) affects the Copilot “work tab” chat feature, which incorrectly reads and summarizes emails stored in users’ Sent Items and Drafts folders, including messages that carry confidentiality labels explicitly designed to restrict access by automated tools.
Copilot Chat (short for Microsoft 365 Copilot Chat) is the company’s AI-powered, content-aware chat that lets users interact with AI agents. Microsoft began rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers in September 2025.
“Customers’ electronic mail messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat,” Microsoft said when it confirmed this issue.
“The Microsoft 365 Copilot ‘work tab’ Chat is summarizing electronic mail messages even though these electronic mail messages have a sensitivity label applied and a DLP policy is configured.”
Microsoft has since confirmed that an unspecified code error is responsible and said it began rolling out a fix in early February. As of Wednesday, the company said it was continuing to monitor the deployment and is reaching out to a subset of affected users to verify that the fix is working.
“A code issue is allowing items in the sent items and draft folders to be picked up by Copilot even though confidential labels are set in place,” Microsoft added.
Microsoft has not provided a final timeline for full remediation and has not disclosed how many users or organizations were affected, saying only that the scope of impact may change as the investigation continues.
However, this ongoing incident has been tagged as an advisory, a flag commonly used to describe service issues typically involving limited scope or impact.


