Microsoft says Office bug exposed customers’ confidential emails to Copilot AI

Microsoft confirmed a bug that allowed its Copilot AI to summarize confidential emails without permission for several weeks, affecting customers' privacy. The issue persisted even with data loss prevention measures, prompting a fix rollout in February. The situation prompted caution from the European Parliament, which disabled similar AI features on their devices.

Key Points

• Microsoft identified a bug (CW1226324) in its Copilot Chat feature that began exposing confidential emails in January.
• Copilot Chat allowed summarizing emails, undermining data loss prevention policies intended to protect sensitive information.
• Microsoft initiated a fix rollout in February without disclosing the number of affected customers.
• The bug raised significant privacy concerns, leading the European Parliament to block AI features on their work devices.

Relevance

• This incident highlights ongoing privacy concerns surrounding AI integration in business tools as organizations increasingly adopt AI technologies.
• As of 2025, trends in AI emphasize stronger regulatory frameworks, as seen with the EU's cautious approach to AI data handling and privacy.
• Similar incidents in other tech companies have raised alarms about AI's handling of sensitive information, leading to calls for stricter oversight.

This bug underscores the necessity for robust data protection measures in AI applications, as organizations balance innovation with the critical need for confidentiality.