Microsoft Copilot Bug Exposes Sensitive Data
A recent Microsoft 365 Copilot security bug allowed the AI to process and summarize confidential emails while bypassing Data Loss Prevention (DLP) controls, rattling enterprise trust. The incident comes as Microsoft rapidly scales Copilot with new features and is reportedly eyeing a new "E7" enterprise tier that would treat AI agents as first-class organizational citizens.
The specific flaw, tracked internally as CW1226324, was a code defect in the Copilot Chat "Work" tab. It incorrectly allowed the AI to process and summarize emails from "Sent" and "Drafts" folders even when they were protected by sensitivity labels and Data Loss Prevention (DLP) policies. Microsoft confirmed the issue did not expose content users weren't already authorized to see, but it violated the expected behavior of respecting explicit DLP controls. This incident is not isolated. In January 2026, researchers disclosed a "Reprompt" vulnerability that could expose files via malicious links, and Copilot has now ignored sensitivity labels twice in eight months. This pattern highlights a structural challenge where security controls struggle to keep pace with the rapid integration of AI into core productivity workflows. The bug surfaced as customers began reporting anomalous behavior around January 21, 2026. Microsoft acknowledged the problem on February 3 and began deploying a server-side fix in early February, meaning some enterprise environments were operating under a false sense of protection for nearly a month. The rumored "E7" subscription tier is Microsoft's strategic response to the need for stronger AI governance. It's expected to bundle the existing E5 features with Copilot and a new management service called Agent 365, effectively creating a licensing mechanism to treat AI agents like employees with their own identities, security policies, and access controls. This new tier, potentially priced around $99 per user per month, would package AI agent identity management via Entra ID, compliance controls through Purview, and security using Defender XDR. The move signals a shift toward a new "enterprise AI control plane" that integrates AI workloads more deeply with Azure's consumption-based revenue models. Security remains the top challenge for enterprise AI adoption, with 53% of leadership and 62% of practitioners identifying it as a primary concern. Incidents like the DLP bypass demonstrate that AI assistants amplify existing data governance weaknesses; they don't create new permissions but can rapidly surface and connect information from years of accumulated, and often poorly secured, data in SharePoint or OneDrive.
