February 18, 2026

Microsoft Confirms Bug in Copilot Summarization Feature Exposes Confidential Emails

Vaibhav February 18, 2026
Microsoft-Confirms-Bug-in-Copilot-Summarization-Feature-Exposes-Confidential-Emailsdata
Post Views: 22

Microsoft 365 Copilot Vulnerability Exposes Confidential Emails

A security vulnerability in Microsoft 365’s Copilot feature has been found to be summarizing confidential emails, despite the presence of sensitivity labels designed to restrict access.

Cause of the Vulnerability

According to Microsoft, the vulnerability is caused by an unspecified code error, which has been bypassing data loss prevention policies and allowing Copilot to process sensitive information.

“The issue is being treated as an advisory, indicating that the scope of the impact is currently considered to be limited.”

Impact and Remediation

Microsoft began rolling out a fix for the issue in early February and has been monitoring its deployment. The company has also been reaching out to affected users to verify that the fix is working.

However, a final timeline for full remediation has not been provided. The vulnerability is particularly concerning, as it allows Copilot to access and summarize sensitive information, potentially putting confidential data at risk.

Importance of Securing AI-Powered Tools

The incident highlights the importance of ensuring that AI-powered tools, such as Copilot, are properly configured and secured to prevent unauthorized access to sensitive information.

As the use of AI-powered tools becomes more widespread, it is essential that organizations take steps to mitigate the risks associated with these technologies.

Microsoft 365 Copilot Feature

Microsoft 365 Copilot is a content-aware chat feature that allows users to interact with AI agents. The feature was first rolled out to paying business customers in September 2025 and is designed to provide users with a more intuitive and interactive way of working with Microsoft applications.

Vulnerability Details

The vulnerability is tracked under CW1226324 and affects the Copilot “work tab” chat feature. Microsoft has emphasized that users’ messages with a confidential label applied are being incorrectly processed by the feature, despite the presence of sensitivity labels and data loss prevention policies.

The incident serves as a reminder of the need for ongoing vigilance and monitoring to ensure that AI-powered tools are operating as intended and that sensitive information is properly protected.



About Author

Vaibhav

See author's posts

More Stories

Combatting-Disinformation-Strategies-to-Boost-Resilience-and-Effective-Responsedata

Combatting Disinformation: Strategies to Boost Resilience and Effective Response

Vaibhav February 18, 2026
Optimize-Exposure-Management-with-Brinqa-s-AI-Powered-Automationdata

Optimize Exposure Management with Brinqa’s AI-Powered Automation

Vaibhav February 18, 2026
Dell-Zero-Day-Exploit-China-Linked-Hackers-Target-Vulnerability-Since-2024data

Dell Zero-Day Exploit: China-Linked Hackers Target Vulnerability Since 2024

Vaibhav February 18, 2026

You may have missed

Combatting-Disinformation-Strategies-to-Boost-Resilience-and-Effective-Responsedata

Combatting Disinformation: Strategies to Boost Resilience and Effective Response

Vaibhav February 18, 2026
Chinese-Linked-SIM-Box-Scam-Exposed-in-Gurugram-Indiadata-3

Chinese-Linked SIM Box Scam Exposed in Gurugram, India

Vaibhav February 18, 2026
Optimize-Exposure-Management-with-Brinqa-s-AI-Powered-Automationdata

Optimize Exposure Management with Brinqa’s AI-Powered Automation

Vaibhav February 18, 2026
Dell-Zero-Day-Exploit-China-Linked-Hackers-Target-Vulnerability-Since-2024data

Dell Zero-Day Exploit: China-Linked Hackers Target Vulnerability Since 2024

Vaibhav February 18, 2026
Chinese-Linked-SIM-Box-Scam-Exposed-in-Gurugram-Indiadata-2

Chinese-Linked SIM Box Scam Exposed in Gurugram, India

Vaibhav February 18, 2026
en_USEnglish
en_USEnglish