Microsoft Admits AI Assistant Leaked Sensitive Emails—Here’s What You Need to Know

Microsoft has just issued a major security warning: its AI-powered Copilot assistant was caught summarizing confidential emails that should have been blocked by sensitivity labels and data loss prevention (DLP) controls. The issue, first detected on January 21, was tied specifically to the Copilot “work tab” chat experience—a feature designed to help employees quickly access and summarize work-related content.

But instead of protecting sensitive information, the AI assistant was pulling from the wrong places.

The Leak: How Copilot Broke Its Own Rules

According to reports from BleepingComputer, an internal code error caused Copilot’s “work tab” to access and summarize emails from Sent Items and Drafts folders—even when those messages were protected by sensitivity labels and DLP policies. These folders are often where the most sensitive corporate communications live: draft contracts, negotiation strategies, customer communications, and internal memos that were never meant to be shared beyond their intended recipients.

The problem wasn’t that someone manually copied and pasted sensitive content into Copilot. The AI was automatically pulling from these folders and generating summaries that included restricted text—making it easier for confidential information to spread through everyday workplace chat.

What Microsoft Isn’t Telling Us

Microsoft says it began deploying a fix in early February and is monitoring to ensure the issue is resolved. However, the company has been notably silent on two critical questions: how many tenants (organizations) were affected, and how far back this behavior went before it was detected?

This lack of transparency leaves security teams in a difficult position. Without knowing the scope or timeline of the breach, organizations must decide between a narrow, targeted review or a broader investigation of their Copilot usage and data exposure.

Immediate Actions for IT Teams

If your organization uses Microsoft 365 Copilot, here’s what you need to do right now:

Test the Fix in Your Environment: Verify whether Copilot’s “work tab” chat can still summarize labeled emails from Sent Items and Drafts folders. Document your findings thoroughly and keep detailed audit notes in case your security team needs to report on the impact later.

Review Access Controls: Check who has access to Copilot and what data sources it can access. Consider temporarily restricting Copilot’s access to sensitive folders until you’re confident the fix is working as intended.

Monitor for Unusual Activity: Look for any unusual patterns in your email systems, such as unexpected summaries or access to restricted content.

Communicate with Leadership: Inform your executive team about the issue and the steps you’re taking to address it. This is particularly important if your organization handles regulated data or has compliance requirements.

What Employees Should Know

For everyone else using Microsoft 365 Copilot, the message is clear: don’t trust AI-generated summaries by default. Until your IT team confirms the updated behavior is working correctly, treat any Copilot-generated content as potentially unreliable—especially when it comes to sensitive or confidential information.

If you work with regulated data, customer information, or contract-bound materials, flag this issue to your IT department immediately. Don’t assume the controls are working; verify them.

The Bigger Picture: AI Security Risks

This incident highlights a growing concern in the age of AI-powered workplace tools: the gap between intended security controls and actual system behavior. Even when organizations implement robust data protection measures like sensitivity labels and DLP policies, AI systems can inadvertently bypass these safeguards through unexpected code interactions or design flaws.

As companies rush to adopt AI assistants to boost productivity, they must also invest in rigorous testing, transparent communication from vendors, and ongoing monitoring to ensure these tools don’t become the weak link in their security posture.

Microsoft’s Copilot incident serves as a wake-up call: AI security isn’t just about protecting against external threats—it’s also about ensuring the AI systems we trust with our data don’t leak it themselves.

Tags & Viral Phrases

Microsoft 365 Copilot security breach, AI data leak, Copilot work tab vulnerability, Microsoft AI assistant exposed emails, data loss prevention bypass, sensitivity labels failure, BleepingComputer Microsoft report, Copilot confidential data leak, Microsoft security warning January 2024, AI summarizing sensitive emails, Sent Items folder breach, Drafts folder data exposure, Microsoft Copilot fix February 2024, IT security teams alert, AI workplace tool risks, Microsoft 365 data protection failure, Copilot chat experience vulnerability, enterprise AI security concerns, Microsoft tenant data breach, Copilot DLP policy bypass, AI assistant summarizing restricted content, Microsoft security transparency issues, Copilot audit trail concerns, regulated data AI exposure, contract-bound information leak, Microsoft 365 Copilot testing required, AI productivity tool security gap, Microsoft Copilot incident response, enterprise AI adoption risks

,