You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
confidential data exposure
About this tag
The tag confidential data exposure on WindowsForum.com covers a specific Microsoft 365 Copilot privacy flaw tracked as CW1226324. In late January 2026, a logic error allowed Copilot Chat to read and summarize emails labeled as confidential from users' Sent Items and Drafts folders, bypassing Data Loss Prevention (DLP) controls. This exposed sensitive enterprise data to the AI assistant, undermining data governance. Microsoft confirmed the issue and rolled out a server-side fix in early February 2026. Discussions focus on the technical details of the bypass, its impact on enterprise security, and the implications for AI data handling in Microsoft 365.
Microsoft’s flagship productivity AI for Microsoft 365 has a glaring privacy problem: for weeks a code error allowed Copilot Chat to read and summarize emails that organizations had explicitly labelled as confidential, bypassing Data Loss Prevention (DLP) controls and undermining a core tenant...
Microsoft’s own service advisory confirms that a logic error in Microsoft 365 Copilot allowed the assistant to process and summarize email messages labeled “Confidential” in users’ Sent Items and Drafts folders — and that the company began rolling a server-side fix in early February 2026...