HeadlinesBriefing.com

Microsoft Copilot Bug Exposes Confidential Emails

Hacker News

Microsoft has confirmed a bug in Microsoft 365 Copilot that has been summarizing confidential emails since late January, bypassing data loss prevention policies organizations rely on to protect sensitive information. The issue affects the Copilot "work tab" chat feature, which incorrectly reads and summarizes emails stored in users' Sent Items and Drafts folders, including messages with confidentiality labels.

The bug, tracked as CW1226324 and first detected on January 21, impacts Microsoft 365 Copilot Chat, the AI-powered chat that lets users interact with AI agents across Word, Excel, PowerPoint, Outlook, and OneNote. Microsoft began rolling out this feature to paying business customers in September 2025. "Users' email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat," the company acknowledged.

Microsoft attributes the issue to an unspecified code error and began rolling out a fix in early February. As of Wednesday, the company was monitoring deployment and reaching out to affected users to verify the fix. However, Microsoft has not provided a timeline for full remediation or disclosed how many users or organizations were impacted. The incident has been tagged as an advisory, indicating limited scope or impact, but the ongoing exposure of confidential communications raises significant concerns about AI tool security and data protection.