Copilot chat under fire after alleged exposure of user emails


New Delhi: Microsoft has recently reported and admitted to a flaw in its AI-powered workspace assistant, Copilot Chat, which led to some users’ confidential emails being accessed and summarized unintentionally. Copilot Chat was able to pull content from emails stored in users’ Drafts and Sent Items folders, including messages that were labelled as confidential.

Microsoft 365 Copilot Chat is the company’s generative AI tool, which is integrated into applications such as Outlook and Teams. Microsoft typically positions Copilot as a secure, enterprise-ready assistant that is especially designed to help employees summarise emails, draft responses, and retrieve information from within their organization’s systems.

The problem was initially noted by tech publication Bleeping Computer, which reported seeing a service alert referencing the issue. Copilot Chat had been incorrectly processing emails marked with sensitivity labels, despite data loss prevention policies being configured to restrict such content. Reports also suggested that Microsoft became aware of the issue in January.

A related notice also appeared on an NHS England IT support dashboard, attributing the root cause to a code-related error. While the notice implied that NHS systems were affected, the organization stated that any processed drafts or sent emails remained accessible only to their original authors and that patient data had not been exposed.

Microsoft has also stated that it has identified and addressed the problem. The company clarified that while its underlying access controls and data protection policies remained in place, the behavior did not align with how Copilot is supposed to function.

It added that the assistant is designed to exclude protected content from its responses, even if the user technically has permission to view it. Microsoft has since reported deploying a configuration upgrade for enterprise customers worldwide. Microsoft stressed that the bug did not grant users access to information beyond what they were already authorized to see.
