Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one

Microsoft's CW1226324 advisory confirms Copilot bypassed sensitivity labels and DLP policies for four weeks. Combined with EchoLeak (CVE-2025-32711), it reveals a structural blind spot in enterprise ...

Microsoft Copilot Ignored Sensitivity Labels, Processed Confidential Emails

A code error in Copilot Chat’s “Work” tab allowed the AI to pull emails from users’ Sent Items and Drafts folders — even when those emails carried confidentiality labels and had DLP rules explicitly ...
The Register on MSN

Copilot spills the beans, summarizing emails it's not supposed to read

Data Loss Prevention? Yeah, about that... The bot couldn't keep its prying eyes away. Microsoft 365 Copilot Chat has been summarizing emails labeled “confidential” even when data loss prevention ...

Check your Copilot settings after this confidential email bug

Microsoft says a Copilot "work tab" bug summarized confidential emails from Sent Items and Drafts despite labels and DLP. A ...

Microsoft says bug causes Copilot to summarize confidential emails

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late ...
Windows Report

New DLP Update Stops Copilot From Reading Sensitive Office Files

Microsoft expands DLP controls to prevent Copilot from processing confidential Office files across local devices, SharePoint, and OneDrive.

sensitivity labels

A code bug blew past every security label in the book… and exposed the fatal flaw in how we govern AI.