Microsoft Admits Copilot Error That Exposed Confidential Emails to AI Processing

In partnership with

Stop Drowning In AI Information Overload

Your inbox is flooded with newsletters. Your feed is chaos. Somewhere in that noise are the insights that could transform your work—but who has time to find them?

The Deep View solves this. We read everything, analyze what matters, and deliver only the intelligence you need. No duplicate stories, no filler content, no wasted time. Just the essential AI developments that impact your industry, explained clearly and concisely.

Replace hours of scattered reading with five focused minutes. While others scramble to keep up, you'll stay ahead of developments that matter. 600,000+ professionals at top companies have already made this switch.

Join them today, for free.

Microsoft has acknowledged a technical error in its AI-powered workplace assistant, Microsoft 365 Copilot Chat, that caused some users’ confidential emails to be accessed and summarised unintentionally. The issue has raised fresh concerns about data privacy and governance as companies rapidly integrate generative AI tools into enterprise environments.

The technology giant confirmed that the problem allowed Copilot Chat to process certain emails stored in users’ Draft and Sent Items folders within Outlook — including messages labelled as confidential. Although Microsoft has now deployed a global configuration update to fix the issue, the incident has sparked debate among cybersecurity experts about the risks associated with accelerating AI adoption in the workplace.

What Happened?

Microsoft 365 Copilot Chat is designed to help enterprise users summarise emails, draft responses, and extract key insights across Microsoft applications such as Microsoft Outlook and Microsoft Teams. Marketed as a secure and enterprise-ready AI assistant, the tool integrates directly with company data while operating under organisational access controls and compliance policies.

However, Microsoft revealed that a recent configuration issue allowed Copilot Chat to surface content from emails authored by a user and stored in their Draft and Sent folders — even when those emails carried confidentiality labels or were protected by data loss prevention (DLP) policies.

In a statement, a Microsoft spokesperson explained:

Discovery and Reporting

The problem was first reported by technology news outlet Bleeping Computer, which cited a Microsoft service alert confirming the misconfiguration. According to the report, emails with confidentiality labels were “incorrectly processed” by Copilot Chat.

Microsoft reportedly became aware of the issue in January, though details about how many users were affected have not been publicly disclosed.

The notice regarding the bug also appeared on a support dashboard for NHS workers in England. While the support site suggested that the system had been affected due to a “code issue,” NHS officials clarified that no patient data had been exposed. They stated that any draft or sent emails processed by Copilot remained accessible only to their original creators.

Security Controls Remained Intact — But Questions Persist

Microsoft stressed that its access controls and data protection frameworks were not breached. The core security model — which determines who can access specific content — functioned as intended. However, the AI tool’s behaviour did not align with expectations, particularly regarding the exclusion of protected or sensitive content.

This distinction is important. The issue was not a traditional data breach involving hackers or external intrusion. Instead, it was a case of unintended internal AI processing of confidential information — something that still poses compliance and governance challenges for enterprises.

As generative AI tools become deeply embedded into workplace systems, such incidents underscore how even minor configuration errors can have significant implications.

Experts Warn of Growing AI Governance Risks

Industry analysts argue that such incidents may become more common as companies race to integrate new AI capabilities.

Nader Henein, a data protection and AI governance analyst at Gartner, described the situation as an inevitable consequence of rapid innovation.

“This sort of fumble is unavoidable,” he said, noting the constant release of “new and novel AI capabilities.”

Henein suggested that organisations often lack sufficient governance tools to manage every new AI feature introduced into enterprise systems. Under normal circumstances, companies might disable problematic features until compliance frameworks catch up. However, competitive pressure and widespread enthusiasm surrounding AI adoption make that approach difficult.

“The torrent of unsubstantiated AI hype makes it near-impossible to pause,” he added.

Cybersecurity expert Professor Alan Woodward of the University of Surrey echoed similar concerns. He emphasized the importance of designing AI systems to be “private-by-default” and enabled only through explicit opt-in mechanisms.

“There will inevitably be bugs in these tools,” he warned. “Even though data leakage may not be intentional, it will happen.”

Broader Implications for Enterprise AI

Microsoft 365 Copilot Chat is available to organisations with a Microsoft 365 subscription and is positioned as a productivity-enhancing assistant for modern workplaces. Its promise lies in saving time, reducing repetitive tasks, and helping employees navigate large volumes of data.

However, the incident highlights a fundamental tension in enterprise AI: balancing innovation with strict data protection requirements.

In industries such as healthcare, finance, and government — where confidentiality is paramount — even minor deviations from expected data-handling behaviour can create compliance risks and reputational damage.

The rapid evolution of generative AI also means that governance frameworks often lag behind deployment. Companies must continuously review access controls, sensitivity labels, and AI integration policies to ensure sensitive information is handled appropriately.

Microsoft’s Response and Next Steps

Microsoft says it has deployed a global configuration update to resolve the issue for enterprise customers. While the company maintains that no unauthorised access occurred, it acknowledges that the behaviour did not meet its intended Copilot design principles.

The episode serves as a reminder that AI systems, no matter how advanced, remain dependent on underlying code and configuration settings. Even in secure enterprise environments, unintended behaviours can arise.

As organisations continue integrating AI assistants into daily workflows, the focus will increasingly shift toward transparency, accountability, and proactive risk management. For many businesses, this incident may prompt renewed scrutiny of how generative AI tools access and process sensitive data.