Microsoft Confirms Copilot Bug Let AI Summarize Confidential Emails

Microsoft has confirmed that a bug in Microsoft 365 Copilot Chat allowed the AI to summarize confidential emails in violation of certain data loss prevention policies. The issue affected Copilot's work tab, which connects to Microsoft 365 apps like Outlook, and involved emails in users' Sent Items and Drafts folders that have confidential or sensitive labels. These labels normally tell Copilot not to touch protected content, but the bug caused the system to ignore those safeguards in some conditions, BleepingComputer reported Wednesday.

According to Microsoft, the problem stemmed from a code error in Copilot Chat, not misconfigured tenant policies. The silver lining, if there is one, is that the mailbox access permissions still worked, so Copilot did not expose emails to people who did not already have the rights to read them.

Microsoft says the bug appeared in late January 2026 and that it started rolling out a server ...