Microsoft

Company MSFT

Last mentioned: 7h ago

Timeline

  1. Public Disclosure

    Microsoft and security researchers confirm that Copilot has been bypassing DLP to summarize emails.

  2. Mitigation Efforts

    Microsoft begins addressing the Office bug to restore data protection policy enforcement.

  3. Bug Emergence

    Estimated start of the bug affecting Copilot's DLP enforcement mechanisms.

Stories mentioning Microsoft 1

security Very Bearish

Microsoft 365 Copilot Bug Bypasses DLP to Summarize Confidential Emails

A critical vulnerability in Microsoft 365 Copilot allowed the AI assistant to access and summarize confidential emails, bypassing established Data Loss Prevention (DLP) policies. The bug, active since late January, represents a significant breach of trust for enterprise customers relying on Microsoft's security framework for AI integration.

2 sources