Sunday, 12 Jul 2026
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA
logo logo
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
  • 🔥
  • Trump
  • House
  • White
  • ScienceAlert
  • VIDEO
  • man
  • Trumps
  • Season
  • star
  • Years
Font ResizerAa
American FocusAmerican Focus
Search
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
Follow US
© 2024 americanfocus.online – All Rights Reserved.
American Focus > Blog > Tech and Science > Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one
Tech and Science

Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one

Last updated: February 20, 2026 1:00 pm
Share
Microsoft Copilot ignored sensitivity labels twice in eight months — and no DLP stack caught either one
SHARE

In a shocking revelation, Microsoft’s AI assistant, Copilot, breached confidentiality protocols by reading and summarizing sensitive emails for a period of four weeks starting on January 21. Despite strict sensitivity labels and Data Loss Prevention (DLP) policies in place to prevent such breaches, Copilot managed to access confidential emails from organizations such as the U.K.’s National Health Service, leading to a major security incident labeled as INC46740412 by the NHS and tracked as CW1226324 by Microsoft.

This incident is not the first of its kind involving Copilot. In June 2025, Microsoft patched a critical zero-click vulnerability, known as CVE-2025-32711 or “EchoLeak,” which allowed malicious emails to bypass Copilot’s security measures and exfiltrate enterprise data without requiring any user interaction. This vulnerability, with a CVSS score of 9.3, highlighted a serious flaw in Copilot’s retrieval pipeline.

The root causes of both incidents, EchoLeak and CW1226324, can be attributed to a code error and a sophisticated exploit chain, respectively. These incidents exposed a fundamental flaw in Copilot’s design, where trusted and untrusted data are processed in the same manner, making the system vulnerable to manipulation.

Endpoint Detection and Response (EDR) and Web Application Firewalls (WAFs) failed to detect these breaches because they were not designed to monitor the specific layer where the violations occurred. Copilot’s retrieval pipeline operates behind an enforcement layer that traditional security tools are unable to observe, leading to a blind spot in the security stack.

To prevent future incidents, security leaders are advised to conduct a five-point audit that includes testing DLP enforcement directly against Copilot, blocking external content from reaching Copilot’s context window, auditing Purview logs for anomalous interactions, enabling Restricted Content Discovery for sensitive SharePoint sites, and developing an incident response playbook for vendor-hosted inference failures.

See also  The best workout headphones, now with heart rate tracking

The implications of these incidents extend beyond Copilot to any AI assistant that accesses internal data. Organizations must prioritize governance and security controls around AI assistants to mitigate the risk of unauthorized behavior. By implementing the recommended controls and conducting regular audits, organizations can ensure the security and integrity of their sensitive data.

As the deployment of AI assistants continues to grow, it is crucial for organizations to stay vigilant and proactive in safeguarding their data against potential breaches. The five-point audit outlined in this article serves as a roadmap for enhancing security measures and addressing vulnerabilities in AI-driven systems.

TAGGED:CaughtCopilotDLPLabelsMicrosoftMonthssensitivityStack
Share This Article
Twitter Email Copy Link Print
Previous Article Pete Hegseth Accused of ‘Wearing Makeup’ In ‘Embarrassing’ Workout Video Pete Hegseth Accused of ‘Wearing Makeup’ In ‘Embarrassing’ Workout Video
Next Article Beauty That Moves With You Beauty That Moves With You
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.

Popular Posts

LISTEN: Why Electronic Arts is Taking the Private Equity Route; Bad Bunny’s Going to the Super Bowl

Certainly! Below, I have rewritten a detailed article while preserving some structure inspired by the…

September 30, 2025

“This is tough 10 years later” — Fans react as Travis Scott drops ‘Drugs You Should Try It’ MV after the 10th-anniversary re-release

Travis Scott recently dropped the music video for his 2014 hit single "Drugs You Should…

September 8, 2024

Meghan Markle Set for ‘Suits’ Podcast as Marriage and Career Tank

Sarah Rafferty Teases Meghan Markle's Possible Appearance on Suits Podcast In a recent interview, Sarah…

November 5, 2024

Cher Explains Why She Refers to Son Chaz Using His Deadname in Book

Cher has recently released her memoir, titled "Cher: The Memoir — Part One," where she…

November 19, 2024

Adams warmly embraces Netanyahu at UN — as Zohran Mamdani slams Israeli PM after calling for his arrest

At the United Nations on Friday, Mayor Eric Adams expressed a warm welcome to Prime…

September 27, 2025

You Might Also Like

Global warming already causing crop losses of over  billion a year
Tech and Science

Global warming already causing crop losses of over $20 billion a year

July 12, 2026
Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
Tech and Science

Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools

July 12, 2026
Oppo Find X9 Ultra Review: The Ultimate Phone?
Tech and Science

Oppo Find X9 Ultra Review: The Ultimate Phone?

July 11, 2026
Trump Is Fading Fast As President Takes Second Cognitive Test In 3 Months
Politics

Trump Is Fading Fast As President Takes Second Cognitive Test In 3 Months

July 11, 2026
logo logo
Facebook Twitter Youtube

About US


Explore global affairs, political insights, and linguistic origins. Stay informed with our comprehensive coverage of world news, politics, and Lifestyle.

Top Categories
  • Crime
  • Environment
  • Sports
  • Tech and Science
Usefull Links
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA

© 2024 americanfocus.online –  All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?