Microsoft warns of security risks in Windows 11 AI features

In a recent support document, the company stated that users should “only enable this feature if you understand the security implications,” stressing that the experimental capabilities will remain disabled by default.

According to Microsoft, the transition of Windows 11 into what the company describes as an agentic operating system is beginning with the first preview builds already available to Insiders.

“This setting can only be enabled by an administrator user of the device and once enabled, it is enabled for all users on the device,” the document notes. When activated, Windows will create local accounts for AI agents that gain controlled access to personal folders such as Documents, Downloads, and Desktop.

The company explained that AI agents will work inside a protected environment called the agentic workspace, which allows automated task completion while still interacting with applications and files. Despite these safeguards, Microsoft acknowledges significant risks.

“AI applications introduce novel security risks, such as cross prompt injection, where malicious content can override agent instructions, leading to unintended actions like data exfiltration or malware installation.”

Microsoft says it is developing strict design principles to ensure oversight and accountability.

“Agents must be able to produce logs outlining their activities. Windows should be able to verify these actions with a tamper evident audit log,” the company states. While no AI applications currently support the new system, Microsoft confirms that Copilot will adopt agentic workspaces in upcoming updates.

Earlier, Qazinform News Agency reported that Microsoft, Nvidia and Anthropic confirmed new commitments aimed at integrating cloud scale, advanced hardware and next generation model development.