You trust your email security settings for a reason. So when an AI assistant quietly reads and summarizes messages marked confidential, that trust takes a hit.

Microsoft says a bug in Microsoft 365 Copilot allowed its AI chat feature to process sensitive emails since late January.

The issue bypassed Data Loss Prevention policies that organizations rely on to protect private information. Put simply, emails that were supposed to stay locked down were being summarized anyway.

Sign up for my FREE CyberGuy Report 

Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter    

Microsoft 365 Copilot bug summarized confidential emails

Microsoft says a coding error impacted Microsoft 365 Copilot Chat, specifically the “work tab” feature. The AI assistant helps business users summarize content, draft responses and analyze information across Word, Excel, PowerPoint, Outlook and OneNote.

Beginning Jan. 21, an internal bug labeled CW1226324 caused Copilot to read and summarize emails stored in Sent Items and Drafts folders.

The real concern runs deeper. Several of those messages carried confidentiality or sensitivity labels.

Companies apply those labels along with DLP policies to block automated systems from accessing restricted content. Despite those safeguards, Copilot still generated summaries. 

We reached out to Microsoft, and a spokesperson provided CyberGuy with the following statement:

“We identified and addressed an issue where Microsoft 365 Copilot Chat could return content from emails labeled confidential authored by a user and stored within their Draft and Sent Items in Outlook desktop. This did not provide anyone access to information they weren’t already authorized to see. While our access controls and data protection policies remained intact, this behavior did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access. A configuration update has been deployed worldwide for enterprise customers.” 

Why the Microsoft 365 Copilot bug matters for data security

AI tools feel helpful. They save time and reduce busy work. But they also rely on deep access to your data. When safeguards fail, even temporarily, sensitive content can move in ways you did not expect.

YOUR PHONE SHARES DATA AT NIGHT: HERE’S HOW TO STOP IT

For businesses, that could mean:

Legal discussions summarized outside intended controls

Financial projections processed despite restrictions

HR communications are exposed to automated analysis

Even if no data leaves the organization, the bypass itself raises concerns about how AI integrates with enterprise security systems.

How Microsoft is fixing the Microsoft 365 Copilot bug

Microsoft says it began rolling out a fix in early February. The company continues to monitor deployment and is contacting some affected users to verify the fix works.

However, Microsoft has not provided a final timeline for full remediation. It has also not disclosed how many organizations were affected.

The issue is tagged as an advisory, which usually signals limited scope or impact. Still, many security professionals will want deeper clarity before feeling comfortable.

What this Microsoft 365 Copilot issue reveals about AI security

This incident highlights something many companies are wrestling with right now. AI assistants sit inside productivity platforms. They need access to email, documents and collaboration tools to work well.

TIKTOK AFTER THE US SALE: WHAT CHANGED AND HOW TO USE IT SAFELY

At the same time, those platforms contain your most sensitive information. When AI features expand quickly, security policies must evolve just as fast. Otherwise, even a small code mistake can create unexpected exposure.

Ways to stay safe after the Microsoft 365 Copilot bug

If your organization uses Microsoft 365 Copilot, here are practical steps to reduce risk:

1) Review Copilot access settings

Work with your IT team to confirm which folders and data sources Copilot can access.

2) Revalidate DLP policies

Test sensitivity labels and DLP (Data Loss Prevention)  rules to ensure they block AI processing as intended.

3) Monitor advisory updates

Stay current on Microsoft service alerts and verify that the fix is fully deployed in your tenant.

4) Limit AI scope during investigations

If you have concerns, consider temporarily restricting Copilot features until verification is complete.

5) Train employees on AI boundaries

Remind staff that AI assistants can process drafts and send messages. Encourage careful handling of sensitive content.

6) Audit Copilot activity logs

Review audit logs to see whether Copilot accessed or summarized labeled emails. This helps determine actual exposure rather than assumed risk.

7) Review sensitivity label configuration

Confirm that confidential labels are configured to block AI processing where required. Misconfigured labels can create gaps even after a bug is fixed.

8) Reassess retention and draft policies

Because the issue involved Sent Items and Drafts, evaluate whether sensitive drafts should be stored long-term or deleted after sending.

9) Limit Copilot to specific user groups

Instead of enabling Copilot organization-wide, consider a phased deployment to departments with lower sensitivity exposure.

10) Conduct a post-incident security review

Use this moment to reassess how AI tools integrate with compliance controls. Treat it as a learning opportunity rather than a one-time glitch.

Pro Tip: This Copilot bug centers on enterprise controls. Even so, AI tools operate on your devices and accounts, so keeping software up to date and using strong antivirus software adds an important layer of defense. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

Considering a more private email provider

Enterprise AI bugs raise a bigger question: how much access should email platforms have to your data in the first place? If you want an added layer of privacy beyond mainstream providers, privacy-focused email services are worth exploring.

Some offer end-to-end encryption, support for PGP encryption and a strict no-ads business model that avoids scanning messages for marketing purposes.

AI WEARABLE HELPS STROKE SURVIVORS SPEAK AGAIN

Many also allow you to create disposable email aliases, which can reduce spam and limit exposure if one address is compromised.

While no provider is immune to software bugs, choosing an email service built around privacy rather than data monetization can limit how much of your information is accessible to automated systems in the first place.

For individuals, journalists and small businesses especially, that added control can make a meaningful difference.

For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com

Kurt’s key takeaways

AI assistants are becoming part of daily work life. They promise speed, efficiency and smarter workflows. But convenience should never outrun security.

This Copilot bug may have a limited impact. Still, it serves as a reminder that AI tools are only as strong as the guardrails behind them.

When those guardrails slip, even briefly, sensitive information can move in unexpected ways. As AI becomes more embedded in business software, trust will depend on transparency, fast fixes and clear communication.

Here is the real question: If your AI assistant can see everything you write, are you fully confident it respects every boundary you set? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter 

Copyright 2026 CyberGuy.com.  All rights reserved.  

Related Article

Just days after showing off the Galaxy S26, Samsung is finally rolling out the ability for users to unlock their home with a tap of their phone or by simply approaching their door. The new feature, called Digital Home Key, will live inside Samsung Wallet and is powered by the Aliro smart home standard.

Samsung first teased its Digital Home Key feature in 2024 and said the feature would be available in 2025. That didn’t pan out, as the CSA’s Aliro standard — which will let users unlock smart locks with any phone — only arrived in February of this year. The new standard uses near-field communication (NFC) for its tap-to-unlock technology. It also supports ultra-wideband (UWB), giving users the ability to unlock their door as they approach and without pulling out their phone.

To add a Digital Home Key to your wallet, you’ll need to set up a compatible smart lock through SmartThings using Matter. Only some Galaxy smartphones support both NFC and UWB, including the Galaxy Z Fold 4 and up, as well as the Galaxy S22 Ultra and up. You can view the full list of compatible devices on Samsung’s website.

When you hear “brain-computer interface,” you probably picture surgery, wires and a chip in your head. Now picture something quieter. No implant. No incision. Just sound waves directed at the brain.

That is the approach behind a new wave of ultrasound brain-computer interface companies in China. One of the newest is Gestala, founded in Chengdu with offices in Shanghai and Hong Kong. The company says it is developing technology that can stimulate and eventually study brain activity using focused ultrasound.

Yes, the same basic technology is used in medical imaging. But this time, it targets neural circuits.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

What is an ultrasound brain computer interface?

Most brain-computer interface systems rely on electrodes that detect electrical signals from neurons. Neuralink is the most visible example. It places tiny threads inside the brain to record activity. Ultrasound works differently.

Instead of measuring electrical signals directly, it uses high-frequency sound waves. Depending on intensity and focus, those waves can:

• Create images of internal tissue
• Destroy abnormal tissue such as tumors
• Modulate neural activity without open surgery.

Focused ultrasound treatments are already approved for Parkinson’s disease, uterine fibroids and certain tumors. That clinical history gives companies like Gestala a foundation to build on. However, studying or interpreting brain signals with ultrasound is far more complex than delivering targeted stimulation.

WHAT TRUMP’S ‘RATEPAYER PROTECTION PLEDGE’ MEANS FOR YOU

How Gestala plans to treat chronic pain with focused ultrasound

Gestala’s first product is focused on chronic pain. The company plans to target the anterior cingulate cortex, a brain region linked to the emotional experience of pain. Early pilot studies suggest that stimulating this area can reduce pain intensity for up to a week in some patients. The first-generation device will be a stationary system used in clinics. Patients would visit a hospital for treatment sessions. Later, the company plans to develop a wearable helmet designed for supervised use at home. Over time, Gestala says it wants to expand into depression, other mental health conditions, stroke rehabilitation, Alzheimer’s disease and sleep disorders. That is an ambitious roadmap. Each condition involves different brain networks and clinical hurdles.

Can ultrasound read brain activity without implants?

Like other brain tech startups, Gestala is also exploring whether ultrasound could help interpret brain activity. The long-term concept is straightforward in theory. A device could detect patterns linked to chronic pain or depression, then deliver stimulation to specific regions in response.

Unlike traditional brain implants, which capture electrical signals from limited areas, an ultrasound-based system may have the potential to access broader regions of the brain. That possibility is one reason researchers are paying attention. Still, translating that concept into reliable data is a major engineering challenge.

The global race to build noninvasive brain interfaces

China is not alone in exploring ultrasound brain-computer interface systems. Earlier this month, OpenAI announced a significant investment in Merge Labs, a startup cofounded by Sam Altman along with researchers linked to Forest Neurotech.

Public materials from Merge Labs mention restoring lost abilities, supporting healthier brain states and deepening human connection with advanced AI. That language signals long-term ambitions. Yet experts caution that real-world applications are still years away.

GOOGLE DISMANTLES 9M-DEVICE ANDROID HIJACK NETWORK

The technical limits of ultrasound brain interfaces

Ultrasound faces technical limits. First, the skull weakens and distorts sound waves. That makes it harder to obtain precise signals. In research settings, detailed readouts of neural activity have required special implants that allow ultrasound to pass more clearly than bone.

Second, ultrasound measures changes in blood flow. Blood flow shifts more slowly than electrical firing in neurons. That delay may limit applications that require fast, detailed signal decoding, such as real-time speech translation. In short, stimulation is one challenge. Accurate readout is another level entirely.

What this means to you

Right now, this technology is experimental. You are not about to buy a brain helmet at your local electronics store. Still, the direction matters. If noninvasive ultrasound devices can reduce chronic pain or support mental health treatment, more patients may consider therapy without facing brain surgery.

At the same time, devices that analyze brain states introduce new privacy questions. Brain-related data is deeply personal. Regulators, hospitals and companies will need clear rules about how that data is stored, shared and protected. Finally, the link between AI companies and brain interface startups shows how closely digital intelligence and neuroscience are becoming intertwined. That connection could reshape medicine, wellness, and even how we interact with technology.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

Brain-computer interfaces used to feel far off and experimental. Now they are a serious focus of global research and investment. China’s push to develop an ultrasound-based brain-computer interface adds momentum to a field already shaped by companies like Neuralink and new ventures backed by OpenAI. Progress is steady but measured. The potential is significant. The technical hurdles are real. What happens next will depend on whether researchers can turn promising lab results into safe, reliable treatments people can actually use.

If sound waves could one day interpret your mental state, who should decide how that information is used? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com.  All rights reserved.  

Related Article