Microsoft Confirms Windows 11 Agentic Features Come With Security Risks

The company says, "agentic AI applications introduce novel security risks"


Microsoft isn’t shying away from adding AI to every part of Windows 11, despite backlash from users. Making things look even worse from the perspective of Windows users, Microsoft’s AI CEO took a jab at critics, saying, “It cracks me up when I hear people call AI underwhelming…. The fact that people are unimpressed….is mindblowing to me.”

Although it seems Microsoft is pushing forward with its vision of making Windows an agentic OS, a new feature introduced in the recent Build 26220.7262 has sparked privacy woes among users (via Windows Latest).

Apparently, when you enable the new feature, Experimental agentic features, under AI Components in Settings, you’ll see a confirmation pop-up. The pop-up itself isn’t the problem; the real concern is the note within it, which reads, “These features are still being tested and may impact the performance or security of your device.”

Microsoft claims that these AI agents work inside their own “Agentic Workspace.” Adding to this, Microsoft explains, “The creation of the agent workspace, where agents can work in parallel with a human user, enabling runtime isolation and scoped authorization. This provides the agent with capabilities like its own desktop while limiting the visibility and access the agent has to the user’s desktop activity.”

Yes, Microsoft says that each agent is rolled out with a set of permitted actions. But Microsoft also admits there are security risks tied to them. In a support document, the company also notes, “agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation.”

From what’s described, users can later review which actions these agents took. Although Microsoft compares the feature to Windows Sandbox, these AI agents may keep running even after you shut them down, unlike Sandbox. More concerning, when you enable these agents, they have read and write access to files and folders on your PC by default.