Microsoft Copilot bug led to confidential emails being summarised
The company started deploying a fix in early February
Microsoft has said a software bug in its Microsoft 365 Copilot service caused the AI assistant to summarise confidential emails, despite safeguards designed to prevent such access.
The company confirmed that an error in its code meant some messages marked with sensitivity labels, such as "Confidential", were incorrectly processed by Copilot's chat feature.
The issue, first detected on 21st January and tracked internally as CW1226324, affected the "work tab" of Microsoft 365 Copilot Chat.
A service alert seen by BleepingComputer stated that the feature was able to read and summarise emails stored in users' Drafts and Sent Items folders, even when data loss prevention (DLP) policies were configured to block such access.
"Users' email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat," Microsoft said.
"The Microsoft 365 Copilot 'work tab' Chat is summarizing email messages even though these email messages have a sensitivity label applied and a DLP policy is configured."
Safeguards bypassed
Microsoft 365 Copilot is designed as a context-aware assistant that indexes organisational content, including documents, email, SharePoint files and Teams chats, to answer questions, draft content and generate summaries.
To address enterprise privacy concerns, Microsoft built in administrative controls and sensitivity-label-aware exceptions, allowing organisations to exclude certain content from AI processing.
These controls are considered particularly important in regulated sectors such as finance, healthcare and government.
However, the company said a "code issue" allowed items in Sent Items and Drafts to be accessed by Copilot even when confidential labels were in place.
The problem was not caused by a misconfiguration by customers, but by Microsoft's own servers incorrectly applying exclusions for those folders, according to the advisory.
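To make the failure mode concrete, the following is an added illustration in Python; it is not Microsoft's code and not taken from the article or the advisory. It models a sensitivity-label-aware exclusion check in which the buggy path materialises the DLP rule per folder and applies it only to folders it has an entry for, so labelled items in Drafts and Sent Items fall through open, alongside a corrected path that evaluates the label rule for every item regardless of folder and fails closed. The message structure, folder names, label names, the `KNOWN_FOLDERS` list and the `audit` helper are all assumptions made for the example.

```python
"""Toy model of a label-aware exclusion check for an AI assistant's email
retrieval. Illustrative only: not Microsoft's implementation. All names,
folders and labels below are constructed for the example."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List


@dataclass(frozen=True)
class Message:
    subject: str
    folder: str                       # e.g. "Inbox", "Drafts", "Sent Items"
    labels: FrozenSet[str] = frozenset()  # sensitivity labels applied to the item


@dataclass(frozen=True)
class DlpPolicy:
    # Labels whose items the assistant must never read or summarise.
    blocked_labels: FrozenSet[str]


# Folders the buggy path knew about when it expanded the policy into
# per-folder rules. Drafts and Sent Items are missing (assumed cause).
KNOWN_FOLDERS = ("Inbox", "Archive")


def compile_per_folder_rules(policy: DlpPolicy,
                             folders=KNOWN_FOLDERS) -> Dict[str, FrozenSet[str]]:
    """Expand one tenant-wide policy into a rule per folder (the buggy design)."""
    return {folder: policy.blocked_labels for folder in folders}


def buggy_may_process(msg: Message, policy: DlpPolicy) -> bool:
    """Folder-keyed lookup: a folder with no rule entry blocks nothing,
    so labelled mail in an unlisted folder is processed (fails open)."""
    rules = compile_per_folder_rules(policy)
    blocked_here = rules.get(msg.folder, frozenset())
    return not (msg.labels & blocked_here)


def fixed_may_process(msg: Message, policy: DlpPolicy) -> bool:
    """Evaluate the label rule for every item, whatever folder it sits in.
    Folder scoping may narrow what is readable but can never widen it."""
    if msg.labels & policy.blocked_labels:
        return False  # fail closed on labelled content
    return True


Checker = Callable[[Message, DlpPolicy], bool]


def summarise_candidates(messages: List[Message], policy: DlpPolicy,
                         may_process: Checker) -> List[str]:
    """Subjects the assistant would be allowed to summarise under a checker."""
    return [m.subject for m in messages if may_process(m, policy)]


def audit(messages: List[Message], policy: DlpPolicy,
          may_process: Checker) -> List[str]:
    """Labelled items a checker would wrongly let through: a defender's
    regression test for the exclusion logic. Empty means no leak."""
    return [m.subject for m in messages
            if (m.labels & policy.blocked_labels) and may_process(m, policy)]


# Constructed sample mailbox covering the folders named in the advisory.
SAMPLE_MESSAGES = [
    Message("Merger terms", "Inbox", frozenset({"Confidential"})),
    Message("Lunch plans", "Inbox"),
    Message("Q3 forecast draft", "Drafts", frozenset({"Confidential"})),
    Message("Team offsite ideas", "Drafts", frozenset({"General"})),
    Message("Board minutes", "Sent Items", frozenset({"Highly Confidential"})),
]

POLICY = DlpPolicy(blocked_labels=frozenset({"Confidential", "Highly Confidential"}))


if __name__ == "__main__":
    for name, checker in (("buggy", buggy_may_process), ("fixed", fixed_may_process)):
        print(f"{name}: would summarise {summarise_candidates(SAMPLE_MESSAGES, POLICY, checker)}")
        print(f"{name}: labelled items leaked {audit(SAMPLE_MESSAGES, POLICY, checker)}")
```

Running the block shows the buggy checker leaking the Drafts and Sent Items items while correctly blocking the labelled Inbox item, which is exactly the pattern a per-folder audit like `audit` would catch before deployment; the fixed checker leaks nothing because the label test is the first gate for every item rather than a property of individual folders.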
Microsoft said it started deploying a fix in early February and is continuing to monitor its deployment.
It added that it is reaching out to a group of affected users to confirm that the update is functioning as expected.
The firm has not disclosed how many organisations were affected, nor provided a firm timeline for complete remediation.
It has categorised the incident as an advisory, a term typically used for service issues of limited scope or impact.
Concerns over AI and data
The incident comes amid growing scrutiny over how AI tools handle sensitive information.
Earlier this week, the IT department of the European Parliament temporarily disabled AI features on lawmakers' official devices, citing concerns that confidential data could be transmitted outside secure systems.
In an email to staff, the Parliament's technical support desk warned that some AI functions rely on cloud processing to perform tasks such as email summarisation or document drafting.
That process may involve transferring data to external servers.
Officials also expressed concern that information submitted to AI assistants could be used to improve underlying models, potentially exposing sensitive material beyond its original context.