Microsoft acknowledged a bug in its Microsoft 365 Copilot Chat that mistakenly accessed and summarised some users’ confidential emails. The issue affected messages in drafts and sent folders, including those marked confidential.
Microsoft said a worldwide configuration update has fixed the problem and stressed that no one gained access to emails they weren’t already authorised to see. The tool, used in Outlook and Teams, allows employees to summarise messages and answer questions.
Experts warn that such errors are an inevitable risk as companies rapidly roll out new AI features. Nader Henein, Gartner analyst, noted organisations often lack tools to manage emerging AI capabilities, while cybersecurity expert Professor Alan Woodward emphasized the importance of private-by-default, opt-in AI tools.
The error, first noticed in January, was also reported on the NHS IT support site, though patient information was not exposed. Microsoft described the root cause as a “code issue” and reiterated that Copilot Chat’s access controls and data protections remained intact.
Microsoft acknowledged a bug in its Microsoft 365 Copilot Chat that mistakenly accessed and summarised some users’ confidential emails. The issue affected messages in drafts and sent folders, including those marked confidential.
Microsoft said a worldwide configuration update has fixed the problem and stressed that no one gained access to emails they weren’t already authorised to see. The tool, used in Outlook and Teams, allows employees to summarise messages and answer questions.
Experts warn that such errors are an inevitable risk as companies rapidly roll out new AI features. Nader Henein, Gartner analyst, noted organisations often lack tools to manage emerging AI capabilities, while cybersecurity expert Professor Alan Woodward emphasized the importance of private-by-default, opt-in AI tools.
The error, first noticed in January, was also reported on the NHS IT support site, though patient information was not exposed. Microsoft described the root cause as a “code issue” and reiterated that Copilot Chat’s access controls and data protections remained intact.
Author: Mohammed Najem