Last mentioned: Feb 18, 2026
Public Disclosure
Microsoft and security researchers confirm that Copilot has been bypassing DLP to summarize emails.
Mitigation Efforts
Microsoft begins addressing the Office bug to restore data protection policy enforcement.
Bug Emergence
Estimated start of the bug affecting Copilot's DLP enforcement mechanisms.
A critical vulnerability in Microsoft 365 Copilot allowed the AI assistant to access and summarize confidential emails, bypassing established Data Loss Prevention (DLP) policies. The bug, active since late January, represents a significant breach of trust for enterprise customers relying on Microsoft's security framework for AI integration.
This page surfaces every story mentioning Microsoft 365 Copilot across our cybersecurity coverage. We track each entity's appearance over time so readers can trace how the narrative evolves — which developments are isolated incidents, which build into longer arcs, and which reframe how operators in the space think about the entity. Story selection uses the same multi-source verification gate applied across the rest of our coverage.
Read our editorial methodology for how we identify, deduplicate, and score entity references. Our glossary defines the technical terms used across stories on this page, and our trends index contextualizes individual developments against the longer-running cybersecurity beat. Cross-entity comparisons live on our compare view.
| What you see | What it tells you |
|---|---|
| Story count | Number of distinct stories where Microsoft 365 Copilot was a primary or referenced actor. |
| Recency clustering | Whether mentions are concentrated in a recent window (a news cycle) or distributed (a sustained arc). |
| Sentiment distribution | Aggregate sentiment of the stories mentioning this entity, weighted by impact score. |
| Cross-niche links | When the same entity surfaces in our sibling networks, we link to those views to enrich context. |