Microsoft says Office bug exposed customers’ confidential emails to Copilot AI
highnewsLLM-Specific
securityprivacy
Source: TechCrunch (Security)February 18, 2026
Summary
Microsoft discovered a bug that allowed Copilot (an AI chat feature in Office software) to read and summarize customers' confidential emails without permission for several weeks, even when data loss prevention policies (rules meant to block sensitive information from being sent to AI systems) were in place. The bug affected emails labeled as confidential and was tracked internally as CW1226324.
Solution / Mitigation
Microsoft said it began rolling out a fix for the bug earlier in February.
Classification
Attack Type
PII Leakage
Attack SophisticationTrivial
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Affected Vendors
Microsoft
Related Issues
Original source: https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/
First tracked: February 18, 2026 at 11:00 AM
Classified by LLM (prompt v3) · confidence: 95%