Microsoft has informed IT admins that Copilot’s access to work documents is strictly controlled by the user account’s permissions, so enterprise data is protected.

Ignoring the “access does not mean permission” security principle, and the fact that permitting a human to read a document is not the same as permitting them to send it to an external server.

Copilot is malware.

Rather them than whatever other random AI they are using.

If your team isn’t actively living down this stuff it’s already being used.

Group policy.