AI Updates Aggregator

💰TechCrunch AI•#data-leak #privacy-breach #ai-security•Feb 18, 2026Freshcollected in 17m

Office Bug Exposes Emails to Copilot

Post LinkedIn

💰Read original on TechCrunch AI

💡Copilot bug leaked enterprise emails—audit Office privacy settings now.

⚡ 30-Second TL;DR

What changed

Office bug allowed Copilot AI to access confidential emails

Why it matters

This security lapse erodes trust in Microsoft 365 for enterprises handling sensitive data. AI practitioners may face heightened scrutiny on Copilot deployments. It underscores the need for robust isolation in AI agents.

What to do next

Audit Copilot permissions in Microsoft 365 admin center to restrict email access.

Who should care:Enterprise & Security Teams

🧠 Deep Insight

Web-grounded analysis with 8 cited sources.

🔑 Key Takeaways

•A bug in Microsoft 365's DLP policy for Copilot allowed Copilot Chat to access and expose confidential emails in Sent Items and Drafts folders despite sensitivity labels[1].
•Customers first reported the issue on January 21, 2026, with Microsoft acknowledging it via service health advisory CW1226324 on February 3, 2026, attributing it to a code issue[1].
•The glitch bypassed DLP rules designed to exclude emails and documents stamped with Confidential labels from Copilot processing, affecting paying customers[1].

🛠️ Technical Deep Dive

•The bug stemmed from a code issue in the DLP policy implementation, specifically failing to suppress confidential material in Copilot responses for Sent Items and Drafts folders[1].
•DLP policy rules are configured to exclude emails, Office documents, or PDFs with Confidential sensitivity labels from Copilot for Microsoft 365 processing[1].
•Items in other folders beyond Sent Items and Drafts were not affected by this glitch[1].

🔮 Future ImplicationsAI analysis grounded in cited sources

This bug raises concerns about the reliability of AI safety mechanisms in enterprise tools, potentially eroding trust in Microsoft 365 Copilot among businesses handling sensitive data and prompting increased scrutiny on AI testing and policy enforcement.

⏳ Timeline

2026-01

Customers first report Copilot accessing confidential emails despite DLP policies

2026-02-03

Microsoft issues service health advisory CW1226324 confirming code issue in DLP for Copilot

2026-02-13

Detailed coverage emerges on the DLP policy bug exposing Sent Items and Drafts to Copilot

📎 Sources (8)

Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.

Microsoft disclosed a bug in Office that enabled Copilot AI to read and summarize paying customers' confidential emails. This incident bypassed the company's data protection policies. The issue highlights privacy risks in AI-integrated productivity tools.

Key Points

1.Office bug allowed Copilot AI to access confidential emails
2.Copilot read and summarized paying customers' emails
3.Bug bypassed Microsoft data protection policies

Impact Analysis

Technical Details

The bug permitted Copilot chatbot to process email content without authorization checks. It affected Office environments where Copilot is enabled for email summarization.

#data-leak #privacy-breach #ai-securitymicrosoft-copilot

💰Read original article on TechCrunch AI

📰

Weekly AI Recap

Read this week's curated digest of top AI events →

👉Read Next

Same topic

Explore #data-leak

Same product

AI-curated news aggregator. All content rights belong to original publishers.
Original source: TechCrunch AI ↗