
Microsoft Copilot Accesses Confidential Emails Without Authorization


A serious bug in Microsoft 365’s Copilot has been compromising email confidentiality, as reported by Bleeping Computer. This security vulnerability allowed the AI assistant to summarize emails marked as confidential, circumventing essential data loss prevention (DLP) policies. Specifically affecting the Copilot Chat feature, the bug led to the unintended processing of emails from users’ Sent Items and Drafts folders, contrary to sensitivity restrictions.

Copilot Chat, launched for enterprise users last fall, is part of Microsoft’s integration of AI across its suite, which raises new cybersecurity concerns such as prompt injection and data compliance violations. The issue was detected on January 21 and is tracked as CW1226324. Microsoft initiated a fix in early February and reached out to affected organizations. While the fix is being deployed, Microsoft has not yet disclosed the scale of the impact, and its ongoing investigation is expected to refine the scope of affected users.
