Microsoft Copilot (Microsoft 365): [Copilot Chat] Email attachment summarization (Modern Attachments)

🚨 The Signal: Copilot Chat can now summarise content from linked Word, Excel, PowerPoint, PDF, Text, JSON, and XML attachments in emails. This expands data exposure risk within AI interactions.

The Impact

All users interacting with Copilot Chat are affected, increasing the risk of sensitive data exposure through AI summarisation.

• End Users: Risk of unintentional disclosure of sensitive data via Copilot Chat.
• Security Teams: Increased surface area for data leakage and compliance challenges.
• Data Owners: Broader exposure of classified information to AI processing.
• Compliance Officers: New considerations for data handling and retention policies.

The Action

1. Review and enforce Microsoft Purview Data Loss Prevention (DLP) policies for Copilot.
2. Educate users on responsible use of Copilot Chat, especially with sensitive attachments.
3. Monitor Copilot activity logs for unusual data access or summarisation patterns.
4. Assess existing data classification labels for compatibility with Copilot's new capabilities.

Domain: Agentic-AI · Impact: high · Workload: Other