Microsoft Says Bug Causes Copilot To Summarize Confidential Emails 28
Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information. From a report: According to a service alert seen by BleepingComputer, this bug (tracked under CW1226324 and first detected on January 21) affects the Copilot "work tab" chat feature, which incorrectly reads and summarizes emails stored in users' Sent Items and Drafts folders, including messages that carry confidentiality labels explicitly designed to restrict access by automated tools.
Copilot Chat (short for Microsoft 365 Copilot Chat) is the company's AI-powered, content-aware chat that lets users interact with AI agents. Microsoft began rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers in September 2025.
Copilot Chat (short for Microsoft 365 Copilot Chat) is the company's AI-powered, content-aware chat that lets users interact with AI agents. Microsoft began rolling out Copilot Chat to Word, Excel, PowerPoint, Outlook, and OneNote for paying Microsoft 365 business customers in September 2025.
I no longer trust Microsoft with MY data (Score:2)
Re: (Score:2)
A Windows IT guy I used work with would tell me how Unix/Linux is insecure because Unix permissions are inferior compared to Access Control Lists (ACLs) everywhere. (Solaris and others have had support for them for decades). But then when he would ignore that LAN Manager clients were leaking weak hashes on the network, and that NTLM barely fixed the problem and 20 years later it's still being exploited for credential hijacks.
That people are only now realizing that Microsoft not only doesn't make secure or r
Re: (Score:2)
Even funnier, Linux has had ACLs for years now. They aren't ysed that frequently because well planned group membership and standard permissions usually get the job done.
Re: (Score:2)
ACLs are extra work, I hate setting them up regardless of OS. And if you control access to systems themselves then that single level of group permissions is almost always enough. When you have really big network shares then you kind of end up needing them, but NetApp and other filers already support them and it works over NFS well enough.
Another guy I worked for insisted that Windows NT I/O Completion Ports were the ultimate in network scalability. That select() on Unix was just a dog and cannot scale. He w
Re: (Score:2)
Select isn't perfect, but it's good enough for surprisingly large loads. Where it just won't do, there's epoll. It's a lot more versatile than NTs IO completion.
The latter is a deep structural difference. NT seems to like ad-hoc interfaces to various things while Unix tends to unify them under a common interface. I saw that written in bold early on when NT has some special API for accessing a backup tape and in Unix it was a char device like any other (but with a few extra IOCTLS to cover the differences).
Re: (Score:2)
getfacl -R --one-file-system . >root.facl
in the root filesystem so if necessary I can restore them with setfacl later.
User hostile - prioritize sales over customers. (Score:5, Interesting)
Once again a reminder of the risk of using Microsoft software (and many other, but not all, proprietary systems). Now it's an "unspecified code error", so I'll speculate a bit, but there's plenty of history here, so we can guess the truth.
There are ways for external software to interface with Exchange / Office 356. In fact, AI systems could happily be built to work directly with IMAP and other standardized interfaces. That's what Microsoft would expect external software companies to use and they would almost always mean that simple correct configuration of the mail server would stop that software being able to see the contents of these mails at all.
Instead of giving their own software the standard interfaces and allowing everyone who uses it to have control in the standard ways, Microsoft wants Copilot to have an advantage over the competition. They allow non standard, special interfaces for Copilot whilst the competition have to stick with the standards and suffer slower development. The user suffers from more complexity (two separate interfaces), more bugs and, like here, total loss of control and security. Microsoft sells out the user for more of their own sales.
bug (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
You say bug, I say "misdocumented advanced security feature with unconsidered consequences". @UnknowingFool says "oh, but that part of the documentation's just missing from the version for the general public, here in the security forces we had full correct documentation".
Well, they have to monetize all this AI somehow (Score:4, Funny)
"Here's a summary of all your confidential emails. It would be a shame if this all got out somehow."
Feature (Score:2)
It is a feature, not a bug!
But hey, lets claim incompetence and not malice even though they are indistinguishable at this point.
You can't do this with confidential data (Score:5, Insightful)
You can't run badly tested software relying on alpha level technology (AI) and have any reasonable expectations it's going to work properly. Why are people doing this? There's a reason AI is being banned in any workplace with NDAs, trade secrets, and customer data.
All the CEOs and MBAs out there mandating that their employees use AI daily as much as possible, despite only being alpha testing level, are idiots.
Re: (Score:2)
Now AI corps can say 'Look, we have all these users to justify our wreckless hoarding of compu
Remember ... (Score:2)
This comes from the company who JUST suggested AI is ready to take away pretty much ALL white collar jobs within the next 18 months.
So this means that DLP is junk? (Score:2)
Sounds like this means that DLP isn't integrated at the lowest levels but is just a bolt-on thing that's advisory at best. Makes me wonder if this also means cross-tennant protections aren't as robust as one would assume.
Oops, sorry guys. (Score:2)
The AI sucking down all your confidential data accidentally let you know it's been scarfing down all your data. We'll try to fix it so it keeps your confidential emails from returning a summary to you while it continues to scarf them down going forward. Sorry 'bout the mix-up.
Serious question (Score:1)
How is this different from Outlook previewing the first few lines of an email?
Does outlook send emails off to a remote server to generate the summary or is it locally generated?
Can anyone other than the intended recipient of the email see the AI-generated summary of confidential emails?
IF, as I suspect but don't know, the local PC generated summaries are only viewable by the proper, logged in recipient of the confidential email, what's the problem?
Now, if confidential emails are flying out to off-site MS AI
Never been Confidential (Score:3)
If they could break the confidentially THIS easily and amateurishly, those emails were never actually confidential in the first place.
I am wondering in how much legal trouble that puts M$, especially over in Bxl.
Re: (Score:2)
FBI, NSA, CIA (Score:2)
The three letter agencies are very pleased.
Huge time saver!
wait, what? the Label is THE protection? (Score:2)
so the label of confidential is THE protection mechanism... not actually blocking access, but relying on the external tool to READ and ADHERE to the label?
This is akin to writing a book with classified info, putting classified on the page and trusting who ever reads the book skips the pages that say confidential.
I wonder... (Score:2)
If I had the woeful misfortune of being forced to use Windows, would Copilot still be rummaging around in my emails if I chose to use Thunderbird instead of Bloatlook?
This is what happens... (Score:2)