Microsoft said in an update on Nov. 17 that Windows 11 users who use “agentic features” from its AI services should be cautious, because the AI agents could potentially download and install malware.
“As these capabilities are introduced, AI models still face functional limitations in terms of how they behave and occasionally may hallucinate and produce unexpected outputs. Additionally, agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA),” the warning stated. A prompt injection attack is a type of cyberattack in which an attacker crafts input that tricks the AI into performing malicious actions.
Microsoft added that in the case of Windows 11’s “experimental” AI services, “malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation.”
The AI features are turned off by default and operate only after the user opts into them, the company said.
The agentic AI setting “can only be enabled by an administrator user of the device and once enabled, it’s enabled for all users on the device including other administrators and standard users,” Microsoft said of the AI services.
But when the setting is enabled, Windows sets up separate local user accounts for the AI agents, and each agent account has access to its own personal user folder inside the “Users” folder, usually located on the C drive, the company said.
“Agentic accounts have limited access to your user profile directory … while operating in the agent workspace. If an agent needs access to files in that directory, Windows grants read and write access to the following known folders: Documents, Downloads, Desktop, Videos, Pictures, Music when the setting is enabled,” Microsoft stated.
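The access model described above (an agent account confined to a handful of known folders under the user profile) is the kind of boundary that only holds if every file path the agent asks for is canonicalized before it is checked against the allowlist; otherwise a path such as `Documents\..\AppData\...` walks straight out of the permitted folders. The following is an added, illustrative policy check, not Microsoft's code and not how Windows itself enforces the agent workspace. It assumes a hypothetical tool-call layer that sees each requested path before the agent touches the file system; the profile directory, account name and requests are constructed sample values.

```python
import ntpath

# The known folders the article says an enabled agent account may read and write.
ALLOWED_FOLDERS = ("Documents", "Downloads", "Desktop", "Videos", "Pictures", "Music")


def is_path_allowed(profile_dir: str, requested: str) -> bool:
    """Return True only if `requested` canonicalises to a location inside one of the
    allowed known folders beneath `profile_dir`.

    ntpath is used so Windows path semantics (backslashes, drive letters,
    case-insensitivity) apply even when this runs on another platform.
    """
    root = ntpath.normcase(ntpath.normpath(profile_dir))
    # join() keeps an absolute `requested` as-is, so absolute and UNC paths are
    # checked on the same footing as relative ones; normpath() collapses "." and "..".
    target = ntpath.normcase(ntpath.normpath(ntpath.join(root, requested)))
    for folder in ALLOWED_FOLDERS:
        allowed = ntpath.join(root, ntpath.normcase(folder))
        # Match the folder itself or anything strictly below it; the trailing
        # separator stops "DocumentsEvil" from matching "Documents".
        if target == allowed or target.startswith(allowed + "\\"):
            return True
    return False


def review_agent_actions(profile_dir: str, actions):
    """Decide each (operation, path) request and return an audit trail of decisions.

    Denied requests are what a defender wants surfaced: an agent that keeps
    asking for AppData, another user's profile or a network share is either
    confused or has been steered by injected content.
    """
    decisions = []
    for operation, path in actions:
        verdict = "allow" if is_path_allowed(profile_dir, path) else "deny"
        decisions.append((operation, path, verdict))
    return decisions


if __name__ == "__main__":
    # Constructed sample: a hypothetical agent account working on Alice's profile.
    profile = r"C:\Users\alice"
    requests = [
        ("read", r"Documents\report.docx"),
        ("write", r"C:\Users\alice\Desktop\notes.txt"),
        ("write", r"Documents\..\AppData\Roaming\updater.exe"),  # traversal attempt
        ("read", r"..\bob\Desktop\a.txt"),                        # another user's profile
        ("read", r"\\fileserver\share\payroll.xlsx"),             # UNC path
    ]
    for op, path, verdict in review_agent_actions(profile, requests):
        print(f"{verdict:5} {op:5} {path}")
```

The point of the example is the order of operations: normalize first, compare second. A check that inspects the raw string (for instance, "does it start with Documents?") passes the traversal request and fails at exactly the moment the article warns about, when injected content has talked the agent into writing somewhere it should not.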
The support document also said that such features include a program called Copilot Actions that allows its AI to interact with local files, saying, “With Copilot Actions you have an active digital collaborator that can carry out complex tasks for you to enhance efficiency and productivity.”
Meanwhile, the AI will work in a system known as an “agent workspace” that Microsoft says would be “separate” and “contained” within Windows that allows “you” as the user to “grant agents access to your apps and files so they can complete tasks for you in the background while you continue to use your device.”
For months the tech giant has signaled that it wants to turn Windows 11 into what it calls an “agentic OS,” one that uses AI to act on behalf of the user to automate tasks, an ambition that has drawn considerable backlash from users online.
“Windows is evolving into an agentic OS, connecting devices, cloud, and AI to unlock intelligent productivity and secure work anywhere,” he wrote.
In a blog post on Tuesday, Microsoft’s corporate vice president for security, Vasu Jakkal, said that Microsoft has introduced a control plane for its AI agents that will help “observe, manage, secure, and govern” various tools.
