Microsoft 365 Copilot Bug Exposes Sensitive Data, Raising DLP Concerns

A recently discovered flaw in Microsoft 365 Copilot is allowing the AI assistant to summarize confidential emails, bypassing established Data Loss Prevention (DLP) policies. The issue, first reported in late January 2026, has prompted Microsoft to launch an investigation and develop a code fix.

The Nature of the Bug

Microsoft acknowledged the problem in a notice to Office administrators, tracking it as CW1226324 [1]. The bug allows Copilot Chat to summarize emails labeled as “confidential” despite the presence of DLP policies and sensitivity labels designed to prevent such access. This means Copilot is “talking about secret stuff in the Copilot Chat tab” [1], potentially exposing sensitive information.

How Microsoft Purview DLP is Supposed to Work

Microsoft Purview Data Loss Prevention (DLP) is designed to protect interactions with Microsoft 365 Copilot and Copilot Chat in two key ways [1]:

• Restricting Sensitive Prompts: DLP policies can prevent Copilot from processing prompts containing sensitive information types (SITs) like credit card numbers or social security numbers. This applies to both Microsoft-provided and custom SITs.
• Protecting Sensitive Files and Emails: DLP policies can prevent files and emails with sensitivity labels from being used in Copilot’s response summarization.

Though, the current bug circumvents these protections, particularly regarding emails with confidentiality labels.

Potential Risks and Consequences

The incident raises several concerns:

• Data Leakage: Confidential information may have been temporarily exposed within AI systems.
• Erosion of Trust: The bug casts doubt on the security and reliability of AI tools when handling sensitive data.
• Regulatory Compliance: Organizations relying on DLP policies to meet compliance requirements may be at risk.

According to recent reports, 72 percent of S&P 500 companies have already cited AI as a material risk in regulatory filings [1], highlighting the growing concerns surrounding AI security.

Microsoft’s Response and Timeline

Microsoft is actively working on a code fix to address the issue. The company states that the problem affects organizations using specific Microsoft 365 Copilot features. The rollout of fixes began in preview in November 2025, with general availability expected by April 2026 [2].

What Organizations Should Do

Organizations using Microsoft 365 Copilot are advised to:

• Review their security procedures and potential data leakage risks.
• Stay informed about Microsoft’s updates and apply fixes promptly.
• Consider the sensitivity of data before using Copilot features.

It’s important to note that Microsoft documentation clarifies that sensitivity labels do not function consistently across all applications [1], adding another layer of complexity to data protection strategies.