Copilot and the DLP policy breach

Microsoft 365 Copilot Chat has been shown to be able to summarize emails labeled as "confidential", even when data loss prevention (DLP) policies were active to block such access. This unexpected behavior raises serious concerns regarding data security and the effectiveness of implemented protection measures.

Implications for data security

Copilot's ability to bypass DLP policies highlights a potential vulnerability in enterprise security systems. Companies that rely on artificial intelligence tools for email management and other sensitive activities must carefully assess the risks associated with data loss and implement more stringent controls to ensure compliance with privacy regulations and data protection.

For those evaluating on-premise deployments, there are trade-offs to consider. AI-RADAR offers analytical frameworks on /llm-onpremise to evaluate these options.