Overview
- A programming flaw in Copilot Chat allowed access to emails labeled confidential and those covered by Data Loss Prevention policies.
- Copilot could retrieve content from users’ Sent and Drafts folders and produce summaries despite protections that should have blocked it.
- Microsoft began rolling out a fix in early February and says it is monitoring deployment and reaching out to affected customers.
- The company has not disclosed how many users or organizations were impacted or provided a date for full remediation.
- Initial reports surfaced in January, and some institutions responded with restrictions, including the European Parliament’s IT service blocking AI functions on work devices.