Outlook Copilot Bug Exposes Confidential E-mails

Sergiu Gatlan (Hacker News):

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.

[…]

“A code issue is allowing items in the sent items and draft folders to be picked up by Copilot even though confidential labels are set in place,” Microsoft added.

Thomas Claburn:

It’s just this sort of scenario that has led 72 percent of S&P 500 companies to cite AI as a material risk in regulatory filings.

[…]

“Although content with the configured sensitivity label will be excluded from Microsoft 365 Copilot in the named Office apps, the content remains available to Microsoft 365 Copilot for other scenarios,” the documentation explains. “For example, in Teams, and in Microsoft 365 Copilot Chat.”

[…]

In theory, DLP policies should be able to affect Microsoft 365 Copilot and Copilot Chat. But that hasn’t been happening in this instance.

Previously:

• Microsoft Rust and Copilot
• Microsoft Australia Refunds for Office/Copilot Dark Pattern
• Forcing Copilot AI
• Opting Out of Microsoft 365’s Copilot AI
• Privacy of Windows Copilot+ Recall
• Microsoft 365 Copilot

Artificial Intelligence Bug Copilot AI E-mail Mac Mac App macOS Tahoe 26 Microsoft Office Microsoft Outlook Privacy Windows Windows 11

1 Comment RSS · Twitter · Mastodon

---

Leave a Comment

Name

E-mail (will not be published)

Web site

Δ