X may be a software agent installed in a computer system. In this case, depending on the platform, and on the necessary actions of X to resolve the situation, it may be possible to confine X and thus limit the danger of revealing the sensitive data. Capabilities can do this too.
If Y is also a software agent then access to the sensitive data is presumably held by as a capability. General capability systems naturally afford the ability to narrow the authority to a narrower authority in the form of another capability. If the required access is mere read access to a small amount of data, then Y may merely copy the data for X.