Microsoft Issues Warning To Windows 11 Users - This AI Feature Can Install Viruses

Regardless of how you feel about Microsoft evolving from its predecessor to Windows 11, with future plans to move into an "agentic OS," it seems there is a risk to using the new functionality. On the eve of the new features rollout that's coming to select Windows Insiders, Microsoft has issued a warning: Users are advised that they should only enable the new experimental features "if you understand the security implications." In fact, because it could be dangerous the agentic components will be off by default. 

The reason is pretty simple, albeit alarming: It's because AI applications introduce cross-prompt injection (XPIA) risks through the way that they are granted access to user files. Agentic accounts, those that would be offered when the features are enabled, are granted limited access to your user profile directory located at "Maindrive > Users > Username." As such, if an agent needs access to files, Windows grants them read and write access to anything in that directory. 

Because of this, Microsoft says "malicious content embedded in UI elements or documents can override agent instructions," which could lead to unintended consequences. It then gives the examples of data exfiltration or malware installation through AI applications. In other words, these vulnerabilities could be used to install malware or gain access to user-sensitive files. In addition, when using the agent workspace, "the agentic app has access to the apps that are available to all users by default." Agentic AI applications could install or modify software without your knowledge, which is the alarming bit.

Going by what Microsoft has described in the recent support bulletin, the experimental feature is called the Agent Workspace. It's available in a private developer preview for Windows Insiders, and has already rolled out to some. Although, there are no apps that support the new functionality yet, Copilot will soon have access to agentic workspaces, with other apps coming soon. More specifically, the AI agents are coming as an addition to Ask Copilot, the feature that allows you to call upon an AI assistant in Windows 11. 

Copilot is already problematic for those who value privacy; the AI can see your entire display, for example. Admittedly, it Copilot can handle some useful tasks, too. But that depends on if you're willing to embrace the risks, especially now. This initial build will start with limited access to help developers "gather feedback and strengthen foundational security." Microsoft also outlines that security is not a "one-time feature," but a "continuous commitment" that will be adapted over time to meet the needs of the technology. 

Agent workspaces are separate, contained spaces, where you allow the AI applications or agents access to files in the background, while you continue to use your device. The dedicated account or separation "establishes clear boundaries between agent activity and your own," achieving what the company refers to as "scoped authorization and runtime isolation." That gives you full control, while the agent works in the background, including the ability to "manage access at any time." Theoretically, you should be able to stop agents, but it's still concerning. As more users gain access to these experimental features, more information will be available on how they work and how secure they are. Though, no one is really happy about it, and users are voicing their dissent online.