Microsoft has confirmed that a bug allowed its Copilot AI to summarize customers’ confidential emails for weeks without permission.
Bug, first reported bleeping computerCopilot Chat was allowed to read and outline the contents of emails since January, even though customers had data loss prevention policies in place to prevent their sensitive information from being included in Microsoft’s larger language model.
Copilot Chat allows Microsoft 365 subscribers to use the AI-powered chat feature in its Office software products, including Word, Excel, and PowerPoint.
Microsoft said that this bug can be tracked by admins CW1226324means that drafts and sent email messages “with the confidential label are being processed incorrectly by Microsoft 365 CoPilot Chat.”
The tech giant said it started fixing the bug in early February. A Microsoft spokesperson did not respond to a request for comment, including a question about how many customers are affected by the bug.
Earlier this week, the IT department of the European Parliament told lawmakers It blocked built-in AI features on their work-issued devices, citing concerns that AI devices could upload potentially confidential correspondence to the cloud.
