Is Copilot safe?

Microsoft Copilot is embedded directly into Windows, Microsoft 365, Teams, and Edge — giving it broad access to your data. Before you share another file or start another conversation, you should understand where that data goes and what it means for your privacy.

The short answer

For everyday tasks, Copilot may be generally safe to use. However, due to Microsoft's data collection practices and documented privacy risks, you should avoid using it for anything sensitive.

Possibly OK for:

  • Drafting casual messages and emails

  • Summarizing publicly available articles

  • Brainstorming general ideas

  • Generating non-sensitive text

  • Proofreading public-facing content

  • Formatting and restructuring general text documents

  • Answering general knowledge questions

Never paste in:

  • Passwords, API keys, or credentials

  • Personal data (names, emails, IDs)

  • Confidential financial data

  • Medical records or health information

  • Legal documents, contracts, or privileged communications

  • Proprietary product roadmaps or trade secrets

  • Employee or HR data, salary information

Is Copilot safe to use? A breakdown of the risks

Copilot's risks vary depending on whether you are using the free consumer version, a Microsoft 365 enterprise license, or the built-in Windows experience. Before choosing any AI tools, including Copilot, ChatGPT, Gemini, Meta AI, and DeepSeek, it’s important to consider the security and privacy risks involved.

| Risk | Potential impact | Why it matters |
| --- | --- | --- |
| Data used for AI model training | Your prompts and conversations may be used to train Microsoft's AI models unless you actively opt out | Sensitive content you share could be reviewed by humans or surface in future outputs |
| Data retention & indefinite storage | Copilot interactions can be stored indefinitely without a retention policy | Old prompts containing sensitive data can still be found via electronic discovery |
| Over-permissioning | Copilot accesses everything you have permission to, including folders and drives | Confidential documents can be unintentionally exposed |
| Cross-border data processing (flex routing) | EU/EFTA tenant data may be processed outside the EU Data Boundary during high-demand periods | Organizations under GDPR, DORA, or sector-specific regulations face potential compliance violations |
| Data is subject to US jurisdiction | US authorities can potentially access your data regardless of where you are from or where it's stored | Even EU-stored data is not automatically protected from US government requests |
| Cross-service data harvesting | Copilot pulls data from Bing, MSN, Edge, and other Microsoft products by default | Builds a broader activity profile, increasing re-identification risk |
| Prompt injection attacks | Malicious instructions embedded in documents can hijack Copilot's responses | Attackers can manipulate outputs or exfiltrate internal data via documents |

Personal privacy risks

Here is what you are putting at risk every time you use Copilot, and why Microsoft Copilot's data privacy deserves far more scrutiny than most people give it.

Your conversations may train Microsoft's AI models

By default, the consumer version of Copilot uses your conversations to train its AI — including your prompts and the responses you receive.

You need to actively opt out in your privacy settings, and even then, data shared before opting out may already have been processed.

Photos and files you upload are stored for up to 18 months

If you share an image or document with Copilot, Microsoft's own privacy FAQ confirms the file is stored securely for up to 18 months before being automatically deleted.

Any sensitive image, document, or file you share with Copilot lives on Microsoft's servers and out of your control.

Your data can fall under US law, regardless of where you are

Because Microsoft is a US company, it is subject to the CLOUD Act, which means US authorities can potentially access your data even if you aren't based there, sometimes without requiring a warrant.

This poses a fundamental risk for non-US users, even those covered by Microsoft's EU Data Boundary commitment.

Copilot pulls your data from the Microsoft ecosystem by default

"Microsoft usage data" is a setting enabled by default, which accesses your data from Bing, MSN, Microsoft Edge, and other Microsoft services to personalize your Copilot experience.

ZDNet reported that you must explicitly opt out of this cross-service data collection. The result is a progressively in-depth profile of your activity, browsing habits, and interactions, without your knowledge or consent.

Re-identification risk from 'anonymized' data

Microsoft states it de-identifies data before using it for model training, removing phone numbers, blurring faces, and stripping certain identifiers.

However, these supposedly anonymous datasets can be re-identified when combined with timestamps, device characteristics, or location signals.

Because Copilot is deeply embedded in a cross-service ecosystem spanning Windows, Microsoft 365, Bing, and Edge, the risk of re-association over time is ever increasing.


Microsoft previously reversed its own 'no retention' promise

Microsoft originally marketed Copilot with data protection on the basis that it did not retain user prompts.

But in late 2024, it reversed that commitment, introducing prompt retention for compliance and audit purposes. The takeaway?

The rules governing your data can change at any time — and with a closed-source product, you may only find out after the fact.

Business risks

If you think your organization's enterprise license keeps your data safe, think again. Several real-world incidents show that even paying enterprise customers have been caught out by Copilot's security gaps, often without warning.

Copilot adopts all user permissions, including access to restricted files

If you're running a Copilot agent in Microsoft 365, you're giving it access to everything the user has — including sensitive internal files never intended to be broadly accessible.

Research from Metomic found that over 15% of business-critical files are at risk from oversharing, and over 3% of sensitive business data was shared organization-wide without appropriate controls.

If a Copilot user has access to sensitive information, Copilot gains identical access. This can lead to sensitive information exposure, as Copilot can potentially train its models and leak that data in its outputs.

Flex routing sends EU data outside the EU Data Boundary

From April 2026, Microsoft is enabling flex routing by default for all EU and EFTA tenants.

During peak demand, Copilot prompts and data may be routed to processing infrastructure outside the EU — including the US or Australia — which can mean compliance issues for organizations under GDPR, NIS2, or DORA.

Crucially, flex routing is enabled by default: organizations must opt out rather than opt in.

Prompt injection attacks can weaponize emails and documents

With prompt injections, attackers can embed hidden instructions inside emails or documents that, when processed by Copilot, trick the AI into exfiltrating internal data.

The EchoLeak vulnerability demonstrated this at scale, where attackers could steal data from a user's Microsoft 365 environment even without any user action.

Your confidential data can potentially be exposed

In early 2026, Microsoft confirmed that a software bug had allowed Copilot to read and summarize users' confidential emails, bypassing data loss prevention policies that organizations depend on to protect sensitive information.

The bug was active for weeks before Microsoft acted, with security experts noting how it demonstrates a fundamental weakness in the "trust boundary" Microsoft had promised enterprise customers: Copilot has the potential to access protected emails even when companies had explicitly configured it not to.

Lack of transparency

Microsoft Copilot is closed-source software. Its model architecture, training data, and data flow pathways cannot be independently inspected or audited, which means you are required to take Microsoft's assurances at face value.

No independent verification of data handling claims

Microsoft publishes documentation about how Copilot handles data, but no independent researcher, auditor, or regulator can inspect the actual codebase to verify those claims. Privacy certifications are useful signals but not a substitute for open, independently auditable source code.

Policy changes can happen without user consent

Microsoft controls the terms under which your data is processed, and has changed them before. The 2024 prompt retention reversal and the 2026 cross-service data expansion are two examples. Businesses relying on Copilot for sensitive work are exposed to a compliance baseline they cannot control or predict.

How to stay safe when using Copilot

You do not have to give up on AI tools entirely — but if you keep using Copilot, these steps will meaningfully reduce your exposure.

  • Opt out of having your prompts used to train Copilot's AI models.

  • Turn off cross-service data sharing.

  • Avoid uploading any kind of personal data, including photos and documents.

  • Treat AI chats with the assumption that they could be seen by other people.

  • Opt out of flex routing for businesses in the EU or EFTA.

  • For businesses, audit folder and drive permissions before granting Copilot access.
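
The permission audit in the last step can be prototyped offline. The sketch below is an added example, not code from the original page or from Microsoft: it resolves nested group grants to show which files each user (and therefore an assistant acting with that user's permissions) can read, and flags sensitive files granted organization-wide. The group names, paths, labels and the `BROAD_GROUPS` set are constructed assumptions standing in for a real sharing export.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names, not a real tenant export).
# A group member that is itself a key in GROUPS is a nested group.
GROUPS = {
    "all-staff": {"alice", "bob", "finance", "hr"},
    "finance": {"carol"},
    "hr": {"dana"},
}
# (path, sensitivity label, principals granted read access)
ACL = [
    ("/hr/salaries-2025.xlsx", "confidential", {"hr", "all-staff"}),
    ("/finance/forecast.xlsx", "confidential", {"finance"}),
    ("/legal/contract-draft.docx", "confidential", {"alice"}),
    ("/public/handbook.pdf", "general", {"all-staff"}),
]
BROAD_GROUPS = {"all-staff"}  # assumption: groups treated as organization-wide


def expand(principal, groups=GROUPS, _seen=None):
    """Resolve a principal to the set of users it covers, following nested groups."""
    seen = _seen if _seen is not None else set()
    if principal not in groups:
        return {principal}      # a plain user
    if principal in seen:
        return set()            # already visited: guards against cyclic nesting
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users


def reachable_by_user(acl=ACL, groups=GROUPS):
    """Map each user to the files they, and an assistant acting as them, can read."""
    reach = defaultdict(set)
    for path, _label, principals in acl:
        for principal in principals:
            for user in expand(principal, groups):
                reach[user].add(path)
    return dict(reach)


def overshared(acl=ACL, broad=BROAD_GROUPS, sensitive=("confidential",)):
    """Sensitive items granted to an organization-wide group: fix before rollout."""
    return sorted(path for path, label, principals in acl
                  if label in sensitive and principals & broad)


if __name__ == "__main__":
    print("Overshared:", overshared())
    for user, paths in sorted(reachable_by_user().items()):
        print(user, sorted(paths))
```

In the sample, the salary file is readable by every user because of a single `all-staff` grant, even though it was also restricted to `hr`; that is the kind of grant to remove before an assistant inherits it.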

Switch to a private AI assistant

Lumo is designed for people who want an AI assistant they can trust. Lumo never trains on your chats nor retains any logs, ensuring your data is completely private. Not even Proton can access it.

Frequently asked questions about Copilot's safety

Is Copilot safe for confidential information?
Is Copilot end-to-end encrypted?
What are the risks of using Microsoft Copilot?
What are 5 things you should never tell Copilot?
Does Copilot keep your photos and images?
Can my employer see my Copilot conversations?
Is Microsoft 365 Copilot safer than the consumer version?
