Microsoft admits a Copilot error exposed confidential Outlook emails, raising concerns about AI governance, data protection, and enterprise IT security worldwide.
 |
| Experts warn that Microsoft’s Copilot email processing error highlights systemic risks in rapidly deployed generative AI tools across global enterprises. Image: CH |
Tech Desk — February 20, 2026:
Microsoft has acknowledged that a technical error in its workplace AI assistant, Microsoft 365 Copilot Chat, resulted in some users’ confidential emails being accessed and summarised unintentionally. While the company insists no unauthorised individuals gained access to restricted information, the incident has intensified debate over the governance and reliability of generative AI tools in enterprise environments.
Microsoft confirmed that Copilot Chat could return content from emails labelled “confidential” that were authored by users and stored in their Draft and Sent Items folders in Outlook desktop. The behaviour occurred despite sensitivity labels and data loss prevention (DLP) policies being in place.
The issue was first reported by Bleeping Computer, which cited a Microsoft service alert detailing how Copilot’s “work” tab summarised content from draft and sent emails incorrectly. According to Microsoft, the root cause was traced to a code issue, and a global update has since been deployed.
The alert was also referenced on a support dashboard for staff within the National Health Service in England. The NHS stated that no patient information had been exposed and that draft and sent messages remained visible only to their original authors.
Microsoft emphasised that access controls and data protection frameworks were not bypassed. In its explanation, the company said the tool did not expose information to users who lacked authorisation. Instead, it processed content that users themselves had authored and stored — a behaviour that, while technically contained, diverged from the intended Copilot experience.
The distinction is critical. From a compliance standpoint, internal misprocessing of sensitive material can still raise red flags, even if no external breach occurs. For enterprises operating under strict regulatory regimes, AI tools must not only prevent unauthorised access but also strictly adhere to established data handling policies.
Experts argue that the episode highlights the structural risks associated with the rapid rollout of generative AI capabilities in corporate IT ecosystems.
Nader Henein, an analyst at Gartner, noted that as AI features are layered onto existing productivity software at speed, governance mechanisms often struggle to keep pace. Organisations may lack the visibility and oversight required to evaluate how each new AI capability interacts with established compliance controls.
Cybersecurity expert Professor Alan Woodward of the University of Surrey echoed these concerns, stressing that AI systems should be private by default and enabled deliberately. As AI models evolve rapidly, he warned, unintended data exposure — even if limited in scope — is likely to remain an operational risk.
Microsoft has positioned Copilot as a transformative productivity tool embedded across Outlook, Teams and other enterprise platforms. Its promise lies in automation — summarising emails, generating responses, and synthesising workplace communications at scale. Yet the same automation can magnify the impact of technical errors.
For organisations in sectors such as healthcare, finance and government — particularly across Europe and North America — the stakes extend beyond productivity gains. Trust, compliance, and reputational integrity are on the line.
Although Microsoft’s swift corrective update may contain the immediate issue, the incident underscores a broader industry reality: integrating AI into enterprise IT systems requires not only innovation but sustained oversight, rigorous testing, and governance frameworks robust enough to withstand the pace of technological change.
As businesses worldwide accelerate AI adoption, the question is no longer whether such missteps will occur — but how prepared organisations are to detect, contain and transparently address them when they do.