Microsoft has acknowledged a bug in its Microsoft 365 Copilot AI assistant that caused it to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies. The issue affected Copilot’s “work tab” chat feature, which improperly accessed emails in users’ Sent Items and Drafts folders, including those with confidentiality labels meant to restrict automated access. Microsoft identified a code error as the cause and began rolling out a fix in early February, while continuing to monitor its deployment. The company stated that access controls remained intact, and no unauthorized access occurred.

Source: BleepingComputer