Last mentioned: Feb 18, 2026
Public Disclosure
Microsoft and security researchers confirm that Copilot has been bypassing DLP to summarize emails.
Mitigation Efforts
Microsoft begins addressing the Office bug to restore data protection policy enforcement.
Bug Emergence
Estimated start of the bug affecting Copilot's DLP enforcement mechanisms.
A critical vulnerability in Microsoft 365 Copilot allowed the AI assistant to access and summarize confidential emails, bypassing enterprise Data Loss Prevention (DLP) policies. The bug, active since late January 2024, highlights significant security gaps in the integration of generative AI within enterprise productivity suites.
A critical vulnerability in Microsoft 365 Copilot allowed the AI assistant to access and summarize confidential emails, bypassing established Data Loss Prevention (DLP) policies. The bug, active since late January, represents a significant breach of trust for enterprise customers relying on Microsoft's security framework for AI integration.