Microsoft says bug causes Copilot to summarize confidential emails

Summary

A bug in Microsoft 365 Copilot has allowed the AI assistant to summarize confidential emails since late January, bypassing configured data loss prevention (DLP) policies. This issue exposes sensitive information that organizations intended to protect. Microsoft has addressed the issue.

IFF Assessment

FOE

A bug bypassing DLP policies leads to potential exposure of sensitive data, which is detrimental to defenders.

Severity

6.0 Medium (AI Estimated)

Defender Context

This incident highlights the importance of thorough testing and validation of AI-powered tools within an organization, especially regarding data handling and security policy enforcement. Defenders should monitor Copilot activity and DLP logs for any unusual behavior and review configurations to ensure proper enforcement. The incident also points to a larger trend of AI-related security risks as AI tools become more integrated into standard business practices.
