Microsoft's AI Secretly Read Your Confidential Emails for Weeks

Your Most Sensitive Emails Were AI Training Data

For weeks, Microsoft's Copilot AI was quietly reading and summarizing customers' confidential emails without permission. Not by design—by bug. But the distinction matters less when your trade secrets have already been processed by a large language model.

The bug, tracked as CW1226324, completely bypassed data loss prevention policies that companies specifically set up to keep sensitive information away from AI systems. Even emails marked "confidential" were fair game. Microsoft began rolling out fixes in early February, but won't say how many customers were affected.

It's not just about the breach—it's about the blind spot.

The Corporate Panic Button

The European Parliament didn't wait for explanations. This week, they blocked all AI features on lawmakers' work devices, citing fears that confidential correspondence could be uploaded to the cloud. It's a dramatic move that signals how quickly institutional trust can evaporate.

Across corporate America, IT departments are having emergency meetings. The calculation is brutal: AI tools like Copilot have become competitive necessities, but data breaches can be existential threats. One Fortune 500 CISO put it bluntly: "We're choosing between efficiency and paranoia. There's no middle ground."

The $30 Trust Tax

Copilot Chat costs $30 per user per month for Microsoft 365 customers. It promises to revolutionize productivity in Word, Excel, and PowerPoint. For many companies, it's already indispensable—which makes this breach particularly insidious.

The financial sector is especially vulnerable. Banks and investment firms handle information that could move markets. Healthcare organizations manage patient records protected by HIPAA. Legal firms guard attorney-client privilege. For them, "oops, our AI read your confidential data" isn't just embarrassing—it's potentially catastrophic.

What's more troubling: this wasn't a hack or a malicious attack. It was a system failure that treated confidentiality labels as suggestions rather than commands.

The New Privacy Paradox

We're witnessing the emergence of a new kind of privacy violation—one where the breach isn't malicious actors stealing data, but trusted systems misunderstanding their boundaries. The AI doesn't know it's reading something confidential; it just processes whatever it's fed.

This creates a paradox for businesses: the more useful AI becomes, the more data it needs access to. But the more data it accesses, the greater the risk of exactly this kind of "accidental" exposure.