TL;DR

Microsoft has confirmed that a bug in its 365 Copilot Chat feature allowed the AI to read and summarise emails marked as confidential since January, even when customers had data loss prevention policies in place. A fix began rolling out in early February, but Microsoft has not disclosed how many customers were affected.

What happened

The bug, first reported by Bleeping Computer and tracked as CW1226324, meant that draft and sent email messages “with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat,” according to Microsoft. Copilot Chat is a paid AI feature available across Microsoft’s Office products including Word, Excel and PowerPoint.

The issue is particularly concerning because it directly undermined data loss prevention (DLP) policies — the controls organisations use to prevent sensitive information from being ingested by AI systems. For organisations handling regulated data, this represents exactly the kind of failure that erodes confidence in enterprise AI tools.

Microsoft said it began rolling out a fix earlier in February but did not respond to questions about the number of affected customers.

Wider context

The timing is notable. Earlier the same week, the European Parliament’s IT department blocked built-in AI features on lawmakers’ work-issued devices, citing concerns that AI tools could upload potentially confidential correspondence to the cloud. The Parliament’s decision and Microsoft’s bug disclosure both point to a growing tension between the push to embed AI across enterprise software and the practical realities of protecting sensitive information.

Looking forward

The incident raises questions about how enterprise AI tools handle labelled and classified data. As organisations adopt AI assistants across their workflows, the reliability of sensitivity labels and DLP policies becomes a baseline expectation rather than an optional safeguard. Microsoft’s silence on the scale of the breach may prompt regulators and enterprise customers to press for more transparency on AI-related data handling incidents.