Microsoft Copilot Ignored Sensitivity Labels, Processed Confidential Emails

A code error in Copilot Chat’s “Work” tab allowed the AI to pull emails from users’ Sent Items and Drafts folders — even when those emails carried confidentiality labels and had DLP rules explicitly ...

Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one

Microsoft's CW1226324 advisory confirms Copilot bypassed sensitivity labels and DLP policies for four weeks. Combined with EchoLeak (CVE-2025-32711), it reveals a structural blind spot in enterprise ...

Copilot spills the beans, summarizing emails it's not supposed to read

Data Loss Prevention? Yeah, about that... The bot couldn't keep its prying eyes away. Microsoft 365 Copilot Chat has been ...

Microsoft adds Copilot data controls to all storage locations

Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing ...

Microsoft says bug causes Copilot to summarize confidential emails

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late ...
Windows Report

New DLP Update Stops Copilot From Reading Sensitive Office Files

Microsoft expands DLP controls to prevent Copilot from processing confidential Office files across local devices, SharePoint, and OneDrive.

A Microsoft Copilot Bug Has Been Exposing Confidential Emails—Are You Affected?

The company is working on deploying a fix for impacted users.
Windows Report

Microsoft 365 Copilot Bug Summarized Confidential Emails Despite DLP Policies

Microsoft confirms a Copilot bug that summarized confidential emails despite DLP protections. Fix is rolling out, impact remains unclear.