Office Bug Exposes Emails to Copilot
๐กCopilot bug leaked enterprise emailsโaudit Office privacy settings now.
โก 30-Second TL;DR
What Changed
Office bug allowed Copilot AI to access confidential emails
Why It Matters
This security lapse erodes trust in Microsoft 365 for enterprises handling sensitive data. AI practitioners may face heightened scrutiny on Copilot deployments. It underscores the need for robust isolation in AI agents.
What To Do Next
Audit Copilot permissions in Microsoft 365 admin center to restrict email access.
๐ง Deep Insight
Web-grounded analysis with 8 cited sources.
๐ Enhanced Key Takeaways
- โขA bug in Microsoft 365's DLP policy for Copilot allowed Copilot Chat to access and expose confidential emails in Sent Items and Drafts folders despite sensitivity labels[1].
- โขCustomers first reported the issue on January 21, 2026, with Microsoft acknowledging it via service health advisory CW1226324 on February 3, 2026, attributing it to a code issue[1].
- โขThe glitch bypassed DLP rules designed to exclude emails and documents stamped with Confidential labels from Copilot processing, affecting paying customers[1].
- โขMicrosoft is actively fixing the problem, highlighting ongoing challenges in ensuring AI tools respect data protection policies in productivity suites[1].
- โขThis incident underscores privacy risks in AI-integrated tools like Copilot, where software glitches can lead to unintended exposure of sensitive user data[1].
๐ ๏ธ Technical Deep Dive
- โขThe bug stemmed from a code issue in the DLP policy implementation, specifically failing to suppress confidential material in Copilot responses for Sent Items and Drafts folders[1].
- โขDLP policy rules are configured to exclude emails, Office documents, or PDFs with Confidential sensitivity labels from Copilot for Microsoft 365 processing[1].
- โขItems in other folders beyond Sent Items and Drafts were not affected by this glitch[1].
๐ฎ Future ImplicationsAI analysis grounded in cited sources
This bug raises concerns about the reliability of AI safety mechanisms in enterprise tools, potentially eroding trust in Microsoft 365 Copilot among businesses handling sensitive data and prompting increased scrutiny on AI testing and policy enforcement.
โณ Timeline
๐ Sources (8)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- office365itpros.com โ Dlp Policy for Copilot Bug
- krebsonsecurity.com โ Patch Tuesday February 2026 Edition
- learn.microsoft.com โ Office 365 Account Bug
- techradar.com โ Microsoft Outlook 365 Outage January 22 2026
- neowin.net โ Microsoft Finally Shares Workarounds for Windows 11 Bug That Breaks Outlook in Many Ways
- office-watch.com โ Microsoft Copilot Pullback Office
- techcommunity.microsoft.com โ 4486346
- securityweek.com โ 6 Actively Exploited Zero Days Patched by Microsoft with February 2026 Updates
๐ฐ Event Coverage
Weekly AI Recap
Read this week's curated digest of top AI events โ
๐Related Updates
AI-curated news aggregator. All content rights belong to original publishers.
Original source: TechCrunch AI โ