Microsoft 365 Copilot Bug Bypasses DLP Policies for Confidential Emails
Summary
Hide ▲
Show ▼
A bug in Microsoft 365 Copilot has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies. The issue affects the Copilot 'work tab' chat feature, which incorrectly reads and summarizes emails stored in users' Sent Items and Drafts folders, including messages with confidentiality labels. Microsoft confirmed the bug and began rolling out a fix in early February, but the full remediation timeline and scope of impact remain undisclosed.
Timeline
-
18.02.2026 14:03 1 articles · 11h ago
Microsoft 365 Copilot Bug Bypasses DLP Policies for Confidential Emails
A bug in Microsoft 365 Copilot, first detected on January 21, 2026, causes the AI assistant to summarize confidential emails, bypassing DLP policies. Microsoft confirmed the issue and began rolling out a fix in early February, but the full remediation timeline and scope of impact remain undisclosed.
Show sources
- Microsoft says bug causes Copilot to summarize confidential emails — www.bleepingcomputer.com — 18.02.2026 14:03
Information Snippets
-
The bug (tracked under CW1226324) was first detected on January 21, 2026.
First reported: 18.02.2026 14:031 source, 1 articleShow sources
- Microsoft says bug causes Copilot to summarize confidential emails — www.bleepingcomputer.com — 18.02.2026 14:03
-
The affected feature is the Copilot 'work tab' chat, which summarizes emails in Sent Items and Drafts folders.
First reported: 18.02.2026 14:031 source, 1 articleShow sources
- Microsoft says bug causes Copilot to summarize confidential emails — www.bleepingcomputer.com — 18.02.2026 14:03
-
Microsoft 365 Copilot Chat was rolled out to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers in September 2025.
First reported: 18.02.2026 14:031 source, 1 articleShow sources
- Microsoft says bug causes Copilot to summarize confidential emails — www.bleepingcomputer.com — 18.02.2026 14:03
-
Microsoft confirmed the bug and began rolling out a fix in early February 2026.
First reported: 18.02.2026 14:031 source, 1 articleShow sources
- Microsoft says bug causes Copilot to summarize confidential emails — www.bleepingcomputer.com — 18.02.2026 14:03
-
The incident has been tagged as an advisory, indicating limited scope or impact.
First reported: 18.02.2026 14:031 source, 1 articleShow sources
- Microsoft says bug causes Copilot to summarize confidential emails — www.bleepingcomputer.com — 18.02.2026 14:03