Microsoft confirms Office bug exposed confidential emails to Copilot A

For weeks, a quiet malfunction in Microsoft’s Office software has been allowing the company’s Copilot AI to peer into confidential email conversations that customers believed were protected. The bug, which Microsoft confirmed this week, represents a significant breach of trust for enterprises that have invested heavily in data loss prevention policies to keep sensitive information out of AI training pipelines.

“Draft and sent email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat.” — Microsoft Advisory

The Bug That Bypassed Security Controls

According to Microsoft’s advisory, the issue first appeared in January and persisted until early February. During that window, Copilot Chat—available to paying Microsoft 365 customers—was able to read and generate summaries of emails marked as confidential, even when organizations had explicitly configured data loss prevention policies to block such access.

The implications are substantial. Copilot Chat integrates directly into Office applications including Word, Excel, and PowerPoint, meaning the AI had potential access to some of the most sensitive corporate communications imaginable: draft contracts, internal strategy discussions, personnel matters, and financial planning documents.

Microsoft has assigned the bug identifier CW1226324 and says it began rolling out a fix earlier this month. The company has not disclosed how many customers were affected or whether any confidential information was inadvertently used to train its large language models.

Why Enterprise AI Trust Is Fragile

The control illusion has become a recurring theme as enterprises adopt AI tools. Companies invest in sophisticated data governance frameworks, configure granular permissions, and establish clear boundaries about what AI systems can and cannot access. Then a bug renders those controls meaningless.

Compliance implications are significant. Organizations in regulated industries—healthcare, finance, legal—face strict requirements about data handling. A bug that allows AI systems to process confidential information could trigger audit findings, regulatory scrutiny, or contractual breaches with clients who expected their data to remain isolated.

The shadow AI problem compounds these risks. Even when companies believe they have AI usage under control, integrated features like Copilot Chat operate in ways that aren’t always visible to IT administrators until something goes wrong.

“The European Parliament’s IT department told lawmakers this week that it blocked built-in AI features on work-issued devices, citing concerns that AI tools could upload potentially confidential correspondence to the cloud.” — TechCrunch

What Organizations Should Do Now

For enterprises running Microsoft 365 with Copilot enabled, several immediate steps are warranted:

Audit access logs to determine whether confidential emails were processed by Copilot during the affected period. Microsoft provides administrative tools to track Copilot interactions, though the completeness of these logs may vary.

Review DLP configurations to ensure they are functioning as intended. The bug specifically affected emails with confidential labels, suggesting organizations should verify that their sensitivity labeling systems are properly integrated with Copilot’s access controls.

Assess vendor trust more broadly. This incident comes as organizations are already grappling with questions about how AI providers handle proprietary data. Microsoft’s transparency about the bug—and its silence about affected customer numbers—will factor into enterprise purchasing decisions.

The Bigger Picture: AI Integration Risks

The Microsoft bug highlights a fundamental tension in enterprise AI adoption. The value proposition of Copilot and similar tools depends on deep integration with existing workflows and data sources. But that same integration creates attack surfaces and failure modes that traditional software bugs did not.

When a conventional application has a security flaw, the damage is typically limited to what that application was designed to do. When an AI system has a bug, the consequences can be more unpredictable—the technology is designed to read, understand, and potentially retain information in ways that blur traditional boundaries.

Microsoft’s fix is now rolling out, but the incident serves as a reminder that AI governance is still immature. The controls enterprises rely on are software like everything else, subject to bugs, misconfigurations, and edge cases that vendors may not have anticipated.

For now, organizations must operate with the understanding that AI access controls are probabilistic rather than absolute—a uncomfortable reality for risk managers trained to think in binary terms of compliant or non-compliant.

This article was reported by the ArtificialDaily editorial team. For more information, visit TechCrunch.