Microsoft 365 Copilot Bug Exposes Confidential Emails Despite DLP Safeguards

A code flaw in Microsoft 365 Copilot exposes gaps in DLP enforcement and enterprise data protection controls.


Key Takeaways:

  • A recently discovered bug caused Microsoft 365 Copilot Chat to access and summarize emails that carried a confidentiality sensitivity label.
  • The flaw bypassed existing data protection measures.
  • This bug prompted Microsoft to roll out a fix and investigate its broader impact.

Microsoft has acknowledged a newly discovered bug that allowed Microsoft 365 Copilot to summarize confidential emails without proper authorization. The flaw effectively bypassed data loss prevention (DLP) policies, compromising safeguards designed to prevent sensitive information from being accessed or processed by automated systems.

Microsoft 365 Copilot Chat is an AI‑powered, enterprise‑ready chat experience that lets users ask questions in natural language and receive real‑time, context‑aware responses powered by large language models and web‑grounded knowledge. It can pull in organizational data that users already have permission to access, which helps them find emails, documents, and insights directly within apps like Teams, Outlook, and the Microsoft 365 Copilot app.

Microsoft 365 Copilot flaw enabled AI summaries of protected messages

The CW1226324 bug is a Microsoft 365 Copilot Chat issue in which a code error caused the AI assistant to access and summarize emails stored in users’ Sent Items and Drafts folders, even when those messages carried a sensitivity label that a configured DLP policy should have kept out of Copilot. In effect, Copilot bypassed the organization’s data loss prevention (DLP) policy and processed content that should have been off-limits to it.

“Users’ email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat,” Microsoft explained. “The Microsoft 365 Copilot ‘work tab’ Chat is summarizing email messages even though these email messages have a sensitivity label applied and a DLP policy is configured.”

Microsoft begins rolling out fix after customer reports

Customers started reporting this bug on January 21, 2026, and it prompted Microsoft to begin rolling out a fix in early February. The company continues to monitor its deployment in enterprise environments and verify that affected users are protected. However, the full scope of impact remains under investigation.

Microsoft is currently remediating this issue, and it’s contacting affected commercial customers to confirm the effectiveness of the patch. However, the company has not confirmed how many customers are affected by this bug. Microsoft noted that the scope of impact may change as the investigation continues.

Inconsistent enforcement of sensitivity labels across Microsoft 365

This incident highlights a deeper structural problem within Microsoft’s ecosystem. Sensitivity labels are not enforced uniformly across all services, which creates gaps where protected data can still slip through.

While applications like Word and Outlook correctly honor these restrictions, Copilot Chat and other integrated tools may handle labeled content differently, which leaves room for unexpected exposure. Microsoft’s own documentation acknowledges these inconsistencies: the same label applied in one app does not guarantee identical behavior elsewhere, and this bug is a concrete case of that gap.
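The design point here is that label and DLP checks enforced per application or per folder leave seams, while a single enforcement point at the data-retrieval layer does not. The following is an added, deliberately simplified model written for this page, not Microsoft’s code and not the real Copilot or Purview implementation. The mailbox, label names, policy class and function names are all constructed for illustration. It contrasts a retriever that applies the DLP check only to some folders (the shape of the flaw described above) with one that gates every message the same way before anything reaches the summarizer, and includes a small audit helper that reports which blocked-label messages slipped through:

```python
"""Simplified model of label-gated retrieval for an AI assistant.

Constructed example (not Microsoft code): models the failure mode where a
DLP check is applied inconsistently across mail folders, and contrasts it
with a single enforcement point at the retrieval layer.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Email:
    folder: str            # e.g. "Inbox", "Sent Items", "Drafts"
    subject: str
    body: str
    label: Optional[str]   # sensitivity label name, or None if unlabeled


@dataclass
class DlpPolicy:
    # Hypothetical policy: labels whose content AI tools must not process.
    blocked_labels: set = field(
        default_factory=lambda: {"Confidential", "Highly Confidential"}
    )

    def allows_ai_processing(self, email: Email) -> bool:
        return email.label not in self.blocked_labels


# Constructed mailbox: labeled messages in the two folders the article
# names, one labeled message in the Inbox, and one unlabeled message.
MAILBOX = [
    Email("Inbox", "Q3 board deck", "Projected revenue...", "Confidential"),
    Email("Inbox", "Lunch", "Sandwiches at noon", None),
    Email("Sent Items", "Merger terms", "We accept the offer...", "Highly Confidential"),
    Email("Drafts", "Salary bands", "Proposed bands for L5-L7...", "Confidential"),
]


def retrieve_buggy(mailbox, policy, folders_checked=("Inbox",)):
    """Per-folder enforcement: the DLP check runs only for some folders.

    Messages in folders outside `folders_checked` are returned regardless
    of label, so labeled Sent Items and Drafts reach the summarizer.
    """
    out = []
    for e in mailbox:
        if e.folder in folders_checked and not policy.allows_ai_processing(e):
            continue
        out.append(e)
    return out


def retrieve_gated(mailbox, policy):
    """Single enforcement point: every message passes the same check
    before it can reach the summarizer, whatever folder it lives in."""
    return [e for e in mailbox if policy.allows_ai_processing(e)]


def summarize(emails):
    """Stand-in for the LLM call: returns the subjects it would summarize."""
    return [e.subject for e in emails]


def leaked_subjects(retriever, mailbox, policy):
    """Audit helper: which blocked-label messages did the retriever hand
    to the summarizer? An empty list means the gate held."""
    return [e.subject for e in retriever(mailbox, policy)
            if not policy.allows_ai_processing(e)]


if __name__ == "__main__":
    policy = DlpPolicy()
    print("buggy summarizes:", summarize(retrieve_buggy(MAILBOX, policy)))
    print("buggy leaked   :", leaked_subjects(retrieve_buggy, MAILBOX, policy))
    print("gated summarizes:", summarize(retrieve_gated(MAILBOX, policy)))
    print("gated leaked   :", leaked_subjects(retrieve_gated, MAILBOX, policy))
```

The audit helper is the part worth keeping in mind for a real environment: whatever the vendor’s enforcement looks like, a tenant can only trust it after testing with labeled messages placed in every folder and surface the assistant can read, not just the Inbox.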

Going forward, the issue calls for a broader rethink of how data protection policies operate across Microsoft 365. As organizations increasingly depend on AI‑driven assistants, uniform enforcement of sensitivity labels becomes not just a “nice to have” but a fundamental requirement. Without consistent guardrails, even well‑intentioned AI tools can inadvertently surface information that was never meant to be accessed or summarized, which suggests that Microsoft will need to close these systemic gaps if it hopes to maintain trust in its expanding AI‑powered ecosystem.