By Chance Townsend
Publication Date: 2026-02-18 21:50:00
A bug in Microsoft 365 and Copilot has been causing the AI assistant to summarize emails that were explicitly labeled as confidential, according to a report from Bleeping Computer. The Copilot security bug reportedly bypassed organizations’ data loss prevention (DLP) policies, which are used to protect sensitive information.
The bug specifically affected Copilot Chat. According to Microsoft’s documentation, it caused emails with a confidential label to be “incorrectly processed by Microsoft 365 Copilot chat.”
For context, Copilot Chat, which rolled out to Microsoft 365 apps like Word, Excel, Outlook, and PowerPoint for enterprise customers last fall, is pitched as a content-aware AI assistant. Tech companies like Microsoft are integrating AI assistants into virtually all of their products, creating new types of cybersecurity risks in the process. Businesses using AI assistants could be at risk from prompt injection and…
