The story concerns Microsoft 365 Copilot, the AI-powered assistant integrated into Microsoft’s office suite. According to a service alert spotted by BleepingComputera bug detected on January 21 (reference CW1226324) affected the so-called “work tab” discussion function.
When AI reads what it shouldn’t
This interface allows users to interact with AI to summarize documents, analyze files or synthesize exchanges. Except that, in this specific case, Copilot did a little more than expected: it read and summarize messages stored in the “Sent Items” and “Drafts” folders, including those with a confidentiality label.
In theory, these labels – associated with data leak prevention (DLP) policies – are precisely there to prevent sensitive content from being exploited by automated tools. In other words: they have a “no access” sign clearly visible. Microsoft admits it in black and white: “ Email messages from users with a confidential label are incorrectly processed by Microsoft 365 Copilot Chat. » And the editor added that the “work tab” function summarized these emails “ even though a sensitivity label is applied and a DLP policy is configured ».
The origin of the bug? “ A code problem “, explains Microsoft. This allowed Copilot to recover elements in sent and draft files despite the presence of confidential labels. A patch began rolling out in early February. The company specifies that it continues to monitor its deployment and that it is contacting “ a subset of affected users » to check that everything is working correctly.
On the other hand, it is difficult to measure the exact extent of the incident. Microsoft did not disclose the number of organizations affected, nor did it specify how many users were affected. The scope could still evolve “ as the investigation progresses “. The incident is classified as an “advisory”, a category generally used for problems of limited scope. Nothing that looks like a massive leak, then, but it’s serious enough to remind us that AI, however practical it may be, is not infallible.
Since September 2025, Copilot Chat has been gradually integrated into Word, Excel, PowerPoint, Outlook and OneNote for paying professional customers of Microsoft 365. The tool promises a detailed understanding of the context of documents and internal communications. Exactly: this ability to read everything, analyze everything, summarize everything also constitutes his sensitive point. The more AI is integrated into workflows, the thinner the line between assistance and intrusion becomes.
🟣 To not miss any news on the WorldOfSoftware, follow us on Google and on our WhatsApp channel. And if you love us, .
