Microsoft 365 Copilot Bug Leaked Confidential Emails

Microsoft has confirmed that a bug in Microsoft 365 Copilot allowed the AI assistant to summarize confidential emails it should never have touched. The flaw affected messages sitting in users' Sent Items and Drafts folders.

The issue started in late January and went undetected for weeks. Microsoft deployed a fix in early February, but the gap left a window where Copilot could surface sensitive email content through its summarization features — a nightmare scenario for enterprise customers trusting AI with their inboxes.

The incident highlights a growing tension in enterprise AI: the more access you give an assistant, the more damage a misconfiguration can cause. Microsoft's Copilot is deeply embedded across its 365 suite, meaning bugs like this don't just break features — they potentially expose privileged communications at scale.