Microsoft has confirmed that a bug in Microsoft 365 Copilot has been causing the AI assistant to read and summarise confidential emails since late January. The software giant noted that the bug could bypass data loss prevention policies that organisations use to protect sensitive information. The company said a code error was at the root of the problem. “A code issue is allowing items in the sent items and draft folders to be picked up by Copilot even though confidential labels are set in place,” Microsoft said. According to a report by Bleeping Computer, the bug, tracked under CW1226324 and first detected on January 21, affects Copilot’s work tab chat feature, which was incorrectly accessing emails in users’ Sent Items and Drafts folders, including those with confidentiality labels designed to block automated tools. The company also noted that it started rolling out a fix earlier this month and is monitoring the deployment while reaching out to affected users to verify whether the patch is working.
What Microsoft said about the Copilot bug summarising confidential emails
Confirming the issue in a service alert, Microsoft said, “Users’ email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat. The Microsoft 365 Copilot ‘work tab’ Chat is summarising email messages even though these email messages have a sensitivity label applied and a DLP policy is configured.”
However, the company has not given a timeline for full remediation and has not disclosed how many users or organisations were affected, noting only that the scope of impact may change as its investigation continues. The incident has been tagged as an advisory, a designation typically used for issues with limited scope or impact.
Copilot Chat is Microsoft’s AI-powered, content-aware assistant that allows users to interact with AI agents across applications. Microsoft began rolling it out to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers in September 2025.
Apart from this, Microsoft rolled out the first Windows 11 update of the year last month, which caused unexpected trouble for some users. The update prevented affected computers from shutting down or restarting properly. The issue stemmed from an out-of-band update released in mid-January 2026, after which some Windows 11 devices failed to complete shutdown or restart operations, leaving users with systems that remained powered on despite attempts to turn them off.
Microsoft acknowledged the bug, linking it to the KB5034763 update, and confirmed it was caused by a compatibility issue in the update process. The company stressed that the bug did not affect data integrity or broader system performance. Two problems were flagged by the company: connection and authentication failures in remote connection apps across multiple platforms, and shutdown or hibernate failures on devices running Windows 11 version 23H2 with Secure Launch enabled.
At that time, Microsoft advised affected users to install the latest cumulative update to resolve the issues.