Copilot Chat bug bypasses DLP on 'Confidential' email - theregister.com
Microsoft 365 Copilot Chat was found to bypass Data Loss Prevention (DLP) policies, summarizing emails with "confidential" sensitivity labels and exposing protected content. This vulnerability, tracked as CW1226324, stemmed from a code issue allowing Copilot to access emails in Draft and Sent folders despite configured restrictions, leading to unintended information disclosure within the chat interface.