Microsoft Copilot’s silent audit‑log bug: hidden file access and a disclosure fiasco


A researcher found that telling M365 Copilot to omit a link causes the audit log to lie. Microsoft quietly fixed the bug but refuses to warn customers or issue a CVE. Here’s what it means for compliance and trust.

Your audit log says no one opened that sensitive file – but an AI just did and left zero trace. Zack Korman, CTO of Pistachio, stumbled upon a disturbing flaw in Microsoft 365 Copilot: by asking the assistant not to include a link, Copilot would summarize a document without logging the access. The vulnerability, disclosed privately on July 4 and fixed on August 17, breaks the chain of evidence regulators rely on. Even more troubling? Microsoft classified the issue as “important” rather than “critical,” declined to assign a CVE and told the researcher it won’t inform customers.

How the audit‑log bug works

In normal use, when you ask Copilot to summarize a SharePoint or OneDrive file, the system logs a SharePointFileOperation FileAccessed event so administrators can see who accessed what. Korman discovered that by saying “don’t provide a link,” Copilot still delivered a summary but skipped the audit log entry. No exploit tools, no hacking – a simple prompt circumvented the logging mechanism. Because organizations often treat audit logs as ground truth in investigations, this bug could allow insiders to read sensitive documents undetected or accidentally create gaps in evidence trails. Testing showed the behavior could occur even when no link had previously been generated, meaning the gap could also open by accident when an innocently phrased prompt simply never asked for one.

Microsoft’s response: fix but no disclosure

Korman submitted his findings via Microsoft’s Security Response Center (MSRC) portal. While initial communication was positive, he soon noticed the status moving from “reproducing” to “develop” without explanation. On August 2 Microsoft confirmed a patch would roll out August 17 and told him he could disclose on August 18. When he asked about a CVE, MSRC explained that because the mitigation would be automatically pushed, no CVE was needed. This contradicts Microsoft’s own policy that CVEs should be issued for vulnerabilities requiring customer risk assessment. Even more controversially, Microsoft said it had no plans to inform customers, despite the possibility that their audit logs were incomplete for months.

Why this matters: compliance, trust and privacy

Audit logs aren’t just nice to have; they’re mandated for industries governed by regulations like HIPAA and GDPR. Hospitals, financial institutions and government agencies rely on logs to prove who accessed personal data. In legal disputes, logs provide evidence of file access. With Copilot sometimes skipping entries, organizations might unwittingly violate laws or fail to detect insider threats. Microsoft’s refusal to disclose the bug raises ethical questions: should vendors quietly fix issues that affect customers’ compliance posture? Or do they owe users transparency even when mitigations are automatic?

Community reaction and the wider AI context

The story quickly resonated on Hacker News and cybersecurity social media, garnering hundreds of upvotes and sparking debates over responsible disclosure. Some argued the bug should be classified as critical given its potential impact on regulated industries; others empathized with Microsoft’s desire to avoid panic. The bigger picture is that AI assistants like Copilot wield extraordinary access across enterprise data. As companies rush to deploy generative AI, they must ensure that the underlying security controls – like logging and auditing – function as intended. Hiding audit events can erode trust and invite regulatory scrutiny.

FAQs

What exactly causes the audit log to fail? The bug occurs when a user asks Copilot to summarize a file without including a link. Copilot retrieves the document and returns content, but the audit log records nothing.

Is the bug fixed? Microsoft deployed a fix on August 17. The patch reportedly ensures that all file access via Copilot is logged, even when links aren’t provided.

Why no CVE? Microsoft said no CVE was necessary because customers didn’t need to update anything; the fix was automatically applied. Critics argue this violates Microsoft’s own guidelines.

Do organizations need to take action? While the fix is live, companies that used Copilot before August 17 should assume some file access events may be missing from their logs. They should consider revisiting audit‑driven reports and reinforcing employee training on sensitive document handling.
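One way to revisit audit-driven reports for the window before the fix is to reconcile the files Copilot reported reading against the SharePointFileOperation FileAccessed events described above. This is an added example, not code from the article or from Microsoft; it assumes a simplified export in which Copilot interaction records carry a list of accessed files (the `CopilotInteraction` operation and `AccessedResources` field are assumptions modelled on the Unified Audit Log, and the sample records are constructed).

```python
"""Reconcile Copilot interaction records with FileAccessed events.

Assumed record layout (a simplified stand-in for a Unified Audit Log export):
every record has Operation, UserId and CreationTime (ISO 8601, UTC); FileAccessed
records carry ObjectId; CopilotInteraction records carry AccessedResources.
"""
from datetime import datetime, timedelta

# Constructed sample records (not real log data).
SAMPLE_RECORDS = [
    {"Operation": "FileAccessed", "UserId": "alice@example.com",
     "ObjectId": "https://contoso.example/sites/hr/Salaries.xlsx",
     "CreationTime": "2025-07-10T09:00:02"},
    {"Operation": "CopilotInteraction", "UserId": "alice@example.com",
     "AccessedResources": ["https://contoso.example/sites/hr/Salaries.xlsx"],
     "CreationTime": "2025-07-10T09:00:05"},
    # Copilot read a file but no FileAccessed event exists anywhere near it.
    {"Operation": "CopilotInteraction", "UserId": "bob@example.com",
     "AccessedResources": ["https://contoso.example/sites/legal/Merger.docx"],
     "CreationTime": "2025-07-11T14:30:00"},
]


def find_unlogged_copilot_reads(records, window=timedelta(minutes=5)):
    """Return (user, file, time) for each file a Copilot interaction reports
    reading that has no FileAccessed event by the same user within +/- window.
    Those are the gaps an audit-driven report would have silently missed."""
    accessed = {}  # (user, file) -> list of FileAccessed timestamps
    for r in records:
        if r["Operation"] == "FileAccessed":
            key = (r["UserId"].lower(), r["ObjectId"].lower())
            accessed.setdefault(key, []).append(
                datetime.fromisoformat(r["CreationTime"]))
    gaps = []
    for r in records:
        if r["Operation"] != "CopilotInteraction":
            continue
        t = datetime.fromisoformat(r["CreationTime"])
        for url in r.get("AccessedResources", []):
            times = accessed.get((r["UserId"].lower(), url.lower()), [])
            if not any(abs(t - a) <= window for a in times):
                gaps.append((r["UserId"], url, r["CreationTime"]))
    return gaps


if __name__ == "__main__":
    for user, url, when in find_unlogged_copilot_reads(SAMPLE_RECORDS):
        print(f"{when}: {user} read {url} via Copilot, no FileAccessed event")
```

Run it over a real export only after mapping the field names to the ones your tenant's log actually uses; the matching window should be widened if your interaction and file-operation records are timestamped by different services.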
