A Microsoft Copilot Bug Has Been Exposing Confidential Emails—Are You Affected?

The company is working on deploying the fix to impacted users now.

BY AVA LEVINSON, NEWS WRITER

(Photo by Dilara Irem Sancar/Anadolu via Getty Images)

A bug has been causing Microsoft Copilot to read and summarize users’ confidential emails. The issue has been ongoing since late January, Microsoft said, due to a bug that bypasses data loss prevention (DLP) policies meant to protect sensitive information. 

“Users’ email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat,” the company said, according to BleepingComputer. 

Copilot Chat is Microsoft’s AI-driven chatbot that allows users to communicate with AI agents. The company launched the feature in September to Microsoft 365 business customers using Word, Excel, PowerPoint, Outlook, and OneNote.

The bug targets the Copilot “work tab” feature, which unconcensually summarizes emails in users’ Sent Items and Drafts folders. These folders are explicitly labeled confidential in order to prevent automated tools from accessing them, according to a service alert viewed by BleepingComputer. 

How Canva Became the Power Player in the AI Design Wars

Microsoft said that an unspecified code error is responsible, and it began releasing a fix at the beginning of the month. The company said today that it was in communication with a group of impacted users to ensure the fix is working.

“A code issue is allowing items in the sent items and draft folders to be picked up by Copilot even though confidential labels are set in place,” Microsoft said in its message, according to BleepingComputer. 

It’s not the first time that Copilot has dealt with security flaws.

© Inc.com