Microsoft Copilot — Microsoft

⚠️ The bottom line

Microsoft's Copilot ignored confidentiality labels on emails for a month in early 2026 — the second time in eight months it failed to keep secrets secret. The European Parliament's response was immediate: they disabled Copilot on all 8,000 of their devices. When the people who write privacy laws won't trust your AI with their own emails, that tells you everything. Microsoft says you can opt out of Copilot training. But the privacy policy still allows using your data for "advertising," "product improvement," and "compliance." Opting out of training doesn't opt you out of collection. Researcher Arvind Narayanan found Microsoft's privacy controls create an "illusion of choice" — the data still flows, just under different legal justifications.

Legal jurisdiction

🇺🇸 United States (headquarters)

⚠CLOUD Act read more →

US govt can demand your data from this company even if stored overseas

⚠FISA §702 / PRISM read more →

NSA collects stored emails, photos, messages without individual warrants

●Geofence warrants read more →

Police can demand location data for everyone near a crime scene

Spying

1/4 LOW

Is someone spying on me?

Data Sharing

3/4 HIGH

Who gets my data?

Security

2/4 MODERATE

Is it actually secure?

Honesty

3/4 HIGH

Can I trust what they say?

7Contradictions

1Critical

4High

2Medium

9Sources

Findings by concern

Spying 1/4 LOW 1 finding

⚫ mediumfirmware analysis vs regulatory findings

Microsoft was the first company on the NSA's PRISM slides in 2007. Now it's embedded AI into Windows, Office, Edge, and Outlook. Copilot reads your documents, summarises your emails, and attends your meetings. Microsoft has never published a transparency report specific to Copilot data requests. The largest surveillance partner in tech history now has an AI reading your work.

What they claim: Copilot data is handled securely.

What we found: US jurisdiction (FISA, NSLs). 18-month retention. Human review. PRISM first. No Copilot-specific transparency report.

Data Sharing 3/4 HIGH 3 findings

⚡ highpolicy claims vs firmware analysis

Microsoft says you can opt out of Copilot training. But the privacy policy still allows using your data for "advertising," "product improvement," and "compliance." Opting out of training doesn't opt you out of collection. Researcher Arvind Narayanan found Microsoft's privacy controls create an "illusion of choice" — the data still flows, just under different legal justifications.

What they claim: Users can opt out of Copilot training.

What we found: Consumer: training by default. Opt-out excludes training but NOT product improvements, advertising, safety, compliance. Human reviewers. 18-month retention. Files 30 days.

⚡ highfirmware analysis vs policy claims

Copilot is embedded in Windows, Edge, Office, and Bing — you can't use a modern Windows PC without encountering it. Microsoft's privacy policy discloses 801 advertising partners. The AI that reads your documents, emails, and search queries feeds into the same ecosystem that serves you ads. Microsoft doesn't disclose how many of those 801 partners receive Copilot-derived data.

What they claim: Copilot enhances productivity while respecting privacy.

What we found: In Windows, Edge, M365. Same infrastructure: Outlook (801 partners), DiagTrack, Bing. PRISM first (2007). Difficult to avoid on Windows.

⚫ mediumpolicy claims vs regulatory findings

Enterprise Copilot promises your data stays private. Consumer Copilot feeds into Microsoft's advertising and product improvement pipeline. Same product, same name, different rules. If your employer pays, you get privacy. If you use the free version at home, you get data collection. Microsoft doesn't make this distinction obvious — you have to read the enterprise agreement to know the difference.

What they claim: Microsoft protects all Copilot users equally.

What we found: Enterprise M365: no training. Consumer: training + review + retention + ads. Three privacy tiers by payment level.

Security 2/4 MODERATE 1 finding

⚡ highmarketing vs third party research

Microsoft disclosed three critical security holes in Copilot on May 7, 2026. One was a command injection bug in Edge's Copilot Chat scored 7.5 out of 10. In companies where Copilot can see everything — which is the default — an attacker could have extracted trade secrets, confidential emails, and internal records through the AI assistant Microsoft told everyone to trust.

What they claim: Microsoft markets Copilot as a secure AI assistant integrated across Microsoft 365 with enterprise-grade data protection.

What we found: On May 7, 2026, Microsoft disclosed three critical vulnerabilities in Copilot: CVE-2026-26129 (information disclosure in Business Chat), CVE-2026-26164 (information disclosure), and CVE-2026-33111 (command injection in Edge Copilot Chat, CVSS 7.5). In environments with broad data access, impact could include exposure of intellectual property and confidential communications.

Honesty 3/4 HIGH 2 findings

⚠️ criticalpolicy vs regulatory

What they claim: Microsoft claims Copilot respects sensitivity labels and data loss prevention (DLP) policies to protect classified information.

What we found: A code defect in Microsoft 365 Copilot bypassed sensitivity labels on Outlook emails for approximately four weeks in early 2026, exposing confidential content in Sent Items and Drafts — the second such failure in eight months. The European Parliament responded by disabling AI-powered features across 8,000 employee devices on February 17, 2026.

⚡ highmarketing vs app

Microsoft Copilot just got a redesign. Now it reads your emails, files, chats, and meetings all at once — not when you ask, but constantly. That draft you haven't sent? Copilot read it. That Teams message to your colleague about the boss? Copilot summarised it. Microsoft calls this "a new design." It's actually the end of any boundary between your work and Microsoft's AI.

What they claim: Microsoft positions Copilot as an assistant that helps with the task at hand

What we found: Copilot's new design pulls from emails, files, chats, and meetings inline — all at once, all the time. It no longer waits for you to ask about a specific document. It proactively reads across your entire Microsoft 365 workspace to surface suggestions. Your private draft, your Teams DM, your calendar — all fair game for AI summarisation.

Latest Risks & Threats

New developments that compound existing privacy concerns. 1 active threat.

THREAT Copilot Reads Your Documents 🤖 Ai Launched 2024-01-15

Microsoft embedded Copilot AI into Word, Excel, PowerPoint, Outlook, Teams, and Windows itself. It reads your emails, summarizes your meetings, and drafts responses using your data. Microsoft 365 Copilot costs $30/user/month and processes everything through Microsoft servers. Your employer pays for AI to read your work — and Microsoft keeps the training signal. The same company caught reading Outlook emails to target ads now has an AI that reads everything.

Sources

Ars Technica: Microsoft Copilot for 365 Gets More AI Features (2024-03-01)

What happened to real people

Documented incidents involving Microsoft products and user data.

First PRISM participant (2007). 31% of US legal demands come with secrecy orders — 1,974 gag orders in H1 2025 alone. Users never told their data was demanded. [source]

Storm-0558: Chinese hackers used a stolen Microsoft signing key to access US government officials' email accounts. Microsoft's own infrastructure was the attack vector. [source]

What your data is worth to governments

Microsoft complied with 6,288 government data requests in H1 2025. That's 31% of demands include secrecy orders. Microsoft has been a confirmed PRISM participant since 2007. Under this programme, the NSA collects stored communications. The company is legally prohibited from telling you. Jurisdiction: US (CLOUD Act, FISA Section 702, Patriot Act).

Documented: First PRISM participant (2007). 31% of US legal demands come with secrecy orders — 1,974 gag orders in H1 2025 alone. Users never told their data was demanded.

Documented: Storm-0558: Chinese hackers used a stolen Microsoft signing key to access US government officials' email accounts. Microsoft's own infrastructure was the attack vector.

What is PRISM? · What is the CLOUD Act? · Transparency report

Sources

Microsoft Copilot Privacy Failure: How DLP Broke (2026-02-17)
Exodus Privacy: Microsoft Copilot app (2024-01-01)
Microsoft Delays Copilot+ Recall Over Privacy Concerns (2024-11-01)
EFF: Microsoft privacy concerns(link unavailable) (2016-08-17)
DoublePulsar: Microsoft Recall — Security and Privacy Implications (2024-01-01)
Introducing a new design for Microsoft 365 Copilot (2026-05-28)
Critical Microsoft 365 Copilot Vulnerabilities Expose Sensitive Information (2026-05-07)
Mozilla PNI: Microsoft Copilot (2024-01-01)
TechRadar: Microsoft 365 Copilot GDPR Compliance Risk (2026-01-01)