Microsoft 365 Copilot Bug Accesses Sensitive Email Data

Microsoft issued a security notice (Issue ID CW1226324) reporting a bug where Copilot is accessing and referencing content from the Sent Items and Drafts folders, despite confidential labels and Data Loss Prevention (DLP) policies being applied. The issue was highlighted in the Microsoft 365 Admin Service Health dashboard. BleepingComputer also covered the incident, confirming the bug’s impact on sensitive email data.