Microsoft says Office bug exposed customers’ confidential emails to Copilot AI

Source: TechCrunch

In Brief

Posted: 6:44 AM PST · February 18, 2026

Image Credits: Rafael Henrique/SOPA Images/LightRocket / Getty Images

Microsoft has confirmed that a bug allowed its Copilot AI to summarize customers’ confidential emails for weeks without permission.

Bug Description

The issue, first reported by Bleeping Computer, let Copilot Chat read and outline the contents of emails dating back to January, even when customers had data‑loss‑prevention policies intended to block ingestion of sensitive information into Microsoft’s large language model.

Affected Services

Copilot Chat enables paying Microsoft 365 customers to use an AI‑powered chat feature within Office applications such as Word, Excel, and PowerPoint. The bug, trackable by admins as CW1226324, caused draft and sent email messages with a confidential label applied to be incorrectly processed by Microsoft 365 Copilot chat.

Microsoft’s Response

• A fix began rolling out in early February.
• A Microsoft spokesperson did not respond to a request for comment, including inquiries about the number of affected customers.

Related Developments

Earlier this week, the European Parliament’s IT department told lawmakers that it blocked built‑in AI features on work‑issued devices, citing concerns that the AI tools could upload potentially confidential correspondence to the cloud.