Microsoft Copilot Bug Summarized Confidential Emails

- The specific bug, tracked internally as CW1226324 and first detected on January 21, 2026, affected the Copilot "work tab" chat feature. It incorrectly processed and summarized emails from a user's Sent Items and Drafts folders, even when they had a "confidential" sensitivity label applied. - Microsoft attributed the issue to a "code error" and began rolling out a fix in early February 2026. The company stated that the bug did not grant users access to information they weren't already authorized to see, but it did violate the expected behavior of respecting DLP controls. - This incident follows other security vulnerabilities in the Copilot ecosystem, including a "zero-click" vulnerability dubbed "EchoLeak" (CVE-2025-32711) that could have allowed attackers to exfiltrate sensitive data without user interaction. - In 2025, another flaw was discovered where M365 Copilot could access sensitive files without generating the corresponding audit log entries, creating potential compliance gaps. - Data Loss Prevention (DLP) systems are designed to prevent the leakage of sensitive data by enforcing policies based on content classification. Traditional DLP tools, however, were not built to handle the nuances of AI-generated content, such as summarization or paraphrasing, which introduces new risk vectors. - For organizations in healthcare, the average cost of a data breach reached over $7.4 million in 2025, and the integration of AI is expanding the attack surface for highly valuable Protected Health Information (PHI). - Modern, AI-aware DLP requires capabilities like AI-driven data classification and context-aware policy enforcement that can monitor how data is used in prompts for generative AI tools. - The concern over data privacy in AI assistants has led to the development of privacy-first platforms that do not train on user data by default and offer options for self-hosting to keep data within an organization's environment.