Microsoft has acknowledged a Microsoft 365 Copilot failure that, since the end of January, allowed the AI assistant to read and summarize emails marked as confidential, bypassing the policies that many companies use to protect sensitive information. The company detected the problem at the end of January and reported it in its internal message center (tracked as CW1226324), while specialized outlets such as BleepingComputer have followed the case and published additional details.
The bug specifically affected the chat functionality in Copilot's Work tab (the assistant-style interaction that can summarize and synthesize content stored in the Microsoft 365 environment) and caused messages stored in the Sent Items and Drafts folders to be included in summaries despite carrying sensitivity labels designed to limit automated access. In simple terms: emails that should have been out of reach of automated tools were being processed by the AI.

Microsoft attributed the problem to a code defect and began deploying a fix in early February. According to the company, the rollout is still being monitored and a limited number of affected users are being contacted to verify that the fix works. However, Microsoft has not yet offered a final timeline for full remediation and has not said how many organizations or accounts could be affected; the incident is listed as a service notice, a label usually used when the scope is initially considered small.
Why is this relevant? Sensitivity labels and data loss prevention (DLP) policies are pillars of governance in corporate environments: they are designed to prevent financial, legal, health or other classified data from being accessible outside certain perimeters, including by automated processes. Microsoft publishes documentation on how these labels and DLP policies work on its compliance portal (see its sensitivity label guide), and in environments with strict regulatory requirements, being able to trust that these protections operate properly is critical.
From a risk perspective, even if the incident, classified as a "warning", ultimately affects a limited number of cases, the ability of an AI tool to read and summarize confidential content opens several fronts: exposure of business secrets, regulatory compliance risk, and of course an impact on internal confidence in the use of automated assistants in sensitive processes. Combining powerful productivity features with access controls that cannot be fully relied on can create risk that goes unnoticed.

For IT and security teams that manage Microsoft 365, the immediate recommendation is to check the audit records and policies around Copilot, review the sensitivity label and DLP settings, and stay in touch with Microsoft support to learn the actual scope and recommended actions. It is also worth considering temporary mitigations, such as adjusting access permissions for Copilot or limiting use of the Work tab until the fix is fully verified, and documenting any findings in case it becomes necessary to demonstrate compliance to auditors or regulators.
Microsoft offers information about Copilot and how it operates within the business suite in its official documentation (its Microsoft 365 Copilot page), which can serve as a reference when reviewing how these capabilities integrate with existing security and privacy policies. In parallel, technology media have been monitoring official communications and status updates, so following specialized sources helps to stay informed about new developments.
In the end, this episode reinforces a lesson the sector has already heard: AI features offer clear productivity gains but require specific controls and verification. It is not enough to enable smart assistants for their immediate value; they must be integrated into a governance framework that ensures data protections apply as expected. Organizations that depend on sensitivity labels and DLP should use this moment to audit their posture and, above all, to validate that third-party tools and new automated capabilities respect the rules that keep their information secure.
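One way to act on the audit-record recommendation above, as an added example that is not code from the article or from Microsoft: scan exported Microsoft 365 unified audit log records for Copilot interactions that touched items carrying a label the organization expects to keep away from Copilot. The record layout used here (RecordType CopilotInteraction, with AuditData as a JSON string holding CopilotEventData.AccessedResources[].SensitivityLabelId and AppHost) and the label GUIDs are assumptions; check the field names against your own export before relying on it.

```python
import json

# Label GUIDs the organization treats as off-limits to Copilot.
# Placeholder values, not real label ids.
RESTRICTED_LABELS = {
    "11111111-1111-1111-1111-111111111111": "Confidential",
    "22222222-2222-2222-2222-222222222222": "Highly Confidential",
}


def _event(user, app_host, resources):
    """Build one record shaped like a Search-UnifiedAuditLog export, where
    AuditData is itself a JSON string. Field names are assumed, not verified."""
    return {
        "UserIds": user,
        "RecordType": "CopilotInteraction",
        "AuditData": json.dumps({"AppHost": app_host,
                                 "CopilotEventData": {"AccessedResources": resources}}),
    }


# Constructed sample export: three Copilot interactions.
SAMPLE_RECORDS = [
    _event("alice@example.com", "Office", [
        {"Id": "AAMk1", "Name": "Q4 board memo", "Type": "Email",
         "SensitivityLabelId": "11111111-1111-1111-1111-111111111111"}]),
    _event("bob@example.com", "Office", [
        {"Id": "AAMk2", "Name": "Lunch plans", "Type": "Email"}]),
    _event("carol@example.com", "Teams", [
        {"Id": "AAMk3", "Name": "M&A draft", "Type": "Email",
         "SensitivityLabelId": "22222222-2222-2222-2222-222222222222"},
        {"Id": "DOC1", "Name": "Public roadmap", "Type": "Document",
         "SensitivityLabelId": "33333333-3333-3333-3333-333333333333"}]),
]


def find_restricted_access(records, restricted=RESTRICTED_LABELS):
    """Return (user, app host, resource name, label name) for every resource
    Copilot accessed that carries a restricted sensitivity label."""
    findings = []
    for rec in records:
        if rec.get("RecordType") != "CopilotInteraction":
            continue
        data = json.loads(rec["AuditData"])  # nested JSON string in exports
        for res in data.get("CopilotEventData", {}).get("AccessedResources", []):
            label = res.get("SensitivityLabelId")
            if label in restricted:
                findings.append((rec["UserIds"], data.get("AppHost"),
                                 res.get("Name"), restricted[label]))
    return findings


if __name__ == "__main__":
    for f in find_restricted_access(SAMPLE_RECORDS):
        print("ALERT: %s via %s accessed %r labelled %s" % f)
```

Feed it the JSON you export from the audit log and compare the hits against what your DLP and label policies say Copilot should have been able to reach.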