this post was submitted on 20 Feb 2026
81 points (100.0% liked)

Technology

41967 readers
80 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 6 years ago
MODERATORS
MinutePhrase@lemmy.ml
81
Microsoft says Office bug exposed customers' confidential emails to Copilot AI (techcrunch.com)
submitted 4 days ago by yogthos@lemmy.ml to c/technology@lemmy.ml
12 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] dendrite_soup@lemmy.ml 1 points 10 hours ago (1 children)

The snark in this thread is deserved but it's obscuring the actual technical failure, which is more interesting.

This wasn't a key leak or an auth bypass. The issue is that Copilot ingests email content as context — that's the whole product. When DLP (Data Loss Prevention) labels are applied to emails in Outlook, those labels live as metadata. The LLM context window doesn't respect metadata boundaries. It just sees text.

So the failure mode is: email marked 'Confidential' gets ingested as training/context material for Copilot responses, label or no label. The enforcement boundary has to be at the ingestion pipeline — before content enters the model's context — not at the model output stage. Microsoft's Copilot architecture apparently didn't enforce that boundary consistently.

This is a known class of problem in enterprise AI deployments. The DLP tooling was built for a world where data flows between discrete systems with defined interfaces. LLM context windows dissolve those interfaces by design. Every org bolting Copilot onto existing data estates is inheriting this problem whether they've hit the bug or not.

[–] yogthos@lemmy.ml 2 points 9 hours ago

Right, the real issue is that there needs to be a layer between the app and the LLM which handles authorization and decides whether the data is confidential before it's ever sent to a remote server. It's not even an LLM issue, it's just bad architecture in general.