US EditionMicrosoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one
5 Articles
5 Articles
Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one
For four weeks starting January 21, Microsoft's Copilot read and summarized confidential emails despite every sensitivity label and DLP policy telling it not to. The enforcement points broke inside Microsoft’s own pipeline, and no security tool in the stack flagged it. Among the affected organizations was the U.K.'s National Health Service, which logged it as INC46740412 — a signal of how far the failure reached into regulated healthcare environ…
Microsoft's AIA has visibly taken a few freedoms. Since the end of January, a bug in Microsoft 365 Copilot allowed the assistant to summarize e-mails that were marked as confidential, bypassing the protection policies put in place by the companies. The publisher acknowledged the problem and deployed a fix, without detailing the exact extent of the incident.
Microsoft has praised Copilot for months as a "secure AI supporter for businesses", but a recent incident shows how sensitive and in truth blurry the boundary between compliance with and non-compliance with privacy settings can be. It's a mistake that upsets the foundation of trust and privacy in many companies. Copilot Chat has analyzed confidential emails without permission What should actually be impossible has happened since January at the C…
Microsoft has recognized an error in Microsoft 365 Copilot Chat, its generational AI-based work assistant, which caused some business users to see how the system was able to access and summarize contents of mails stored in Outlook within Drafts and Items sent, even when those messages were labeled confidential. The information was “taken up” in Copilot’s experience, especially in the working tab, as if the assistant had opened a drawer that had …
Microsoft 365 Copilot Bug Circumvented DLP Controls
Microsoft has confirmed a bug in Microsoft 365 Copilot Chat that allowed the AI assistant to summarize emails labeled as confidential, even when sensitivity labels and data loss prevention (DLP) policies were in place. The issue, first identified on Jan. 21, 2026 and tracked internally as CW1226324, impacted Copilot’s “work tab” chat feature. “Without proper due diligence on the data handling by the AI, sensitive information may not be treated …
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
