Microsoft Copilot Leaks Secret Data
Microsoft's Copilot AI is facing a major security test after a bug allowed it to summarize confidential emails, bypassing data loss prevention controls. The incident comes as Microsoft is rapidly integrating the tool across its 365 suite and is reportedly planning a new 'E7' tier to monetize AI agents alongside human workers.
The specific flaw, tracked as CW1226324, was a code error in Copilot Chat's "work tab" feature. First identified on January 21, 2026, the bug allowed the AI to process and summarize emails from a user's Sent and Drafts folders, even when those messages had "confidential" sensitivity labels and were governed by Data Loss Prevention (DLP) policies. This incident is separate from a more critical vulnerability discovered in early 2025 called "EchoLeak" (CVE-2025-32711). Security researchers at Aim Labs identified EchoLeak as a zero-click attack where a specially crafted email could manipulate Copilot through prompt injection, tricking it into exfiltrating sensitive data from files, Teams messages, and emails without any user interaction. Microsoft's response to the email summarization bug was to deploy a server-side fix in early February 2026. The company stated that the flaw did not breach overall access controls, meaning users could only see summaries of information they were already authorized to access. However, it acknowledged the behavior was unintended and bypassed explicit AI processing restrictions. The security lapse highlights the growing pains of integrating AI agents into enterprise workflows. Security warnings about Copilot's potential to leak data date back to the Black Hat USA 2024 conference, where a researcher demonstrated how its insecure defaults and over-permissive plugins could be exploited. The U.S. House of Representatives had previously banned congressional staff from using Copilot over data security concerns. This comes as Microsoft prepares to deepen its enterprise AI integration with a new "E7" subscription tier. This rumored top-tier plan is expected to bundle the existing high-end E5 license with Microsoft Copilot and a new "Agent 365" management plane. The strategy behind the E7 license is reportedly to treat AI "agentic workers" like human employees, requiring them to be licensed with their own Entra IDs, email, and Teams accounts. This positions Microsoft to monetize not just the AI tools themselves, but the entire infrastructure for managing and securing a hybrid human-digital workforce.
