Microsoft said in an update on Nov. 17 that Windows 11 users who turn on “agentic features” from its artificial intelligence (AI) services should be cautious because the AI agents could download and install malware.
In an alert, Microsoft warned that its AI models could “occasionally hallucinate” and introduce “novel security risks,” including malware, because large language models, a type of AI that processes data and generates human-like text, can be manipulated by attackers.
“As these capabilities are introduced, AI models still face functional limitations in terms of how they behave and occasionally may hallucinate and produce unexpected outputs. Additionally, agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA),” the warning stated.
A prompt injection attack is a type of cyberattack in which an attacker crafts input, such as text embedded in a document or web page, that the AI reads as instructions, tricking it into performing unintended or malicious actions.
Microsoft stated that in the case of Windows 11’s “experimental” AI services, “malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation.”
The AI features are turned off by default and operate only after the user opts into them, the company said.
The agentic AI setting “can only be enabled by an administrator user of the device and once enabled, it’s enabled for all users on the device including other administrators and standard users,” Microsoft said of the AI services.
When the setting is enabled, Windows sets up separate local user accounts for the different AI-based agents, and those accounts have access to a personal user folder under the “Users” folder, usually located on the C: drive, it stated.
“Agentic accounts have limited access to your user profile directory ... while operating in the agent workspace,” Microsoft stated. “If an agent needs access to files in that directory, Windows grants read and write access to the following known folders: Documents, Downloads, Desktop, Videos, Pictures, Music when the setting is enabled.”
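The folder scoping described above, modelled as an added policy check that illustrates how such an allow-list can be enforced without being fooled by `..` traversal, case differences or look-alike folder names. This is example code written for this article, not Microsoft’s implementation; the profile directory and file names are constructed.

```python
from pathlib import PureWindowsPath

# Known folders the support document says an agent account may read and write
# inside the user's profile once the agentic setting is enabled.
GRANTED_FOLDERS = ("Documents", "Downloads", "Desktop", "Videos", "Pictures", "Music")


def _normalize(path: str) -> PureWindowsPath:
    """Collapse '.' and '..' segments lexically (no filesystem access, so this
    runs on any OS) so a traversal sequence cannot escape a granted folder."""
    p = PureWindowsPath(path)
    kept = []
    for part in (p.parts[1:] if p.anchor else p.parts):
        if part == ".":
            continue
        if part == "..":
            if kept:
                kept.pop()
            continue
        kept.append(part)
    return PureWindowsPath(p.anchor, *kept)


def _is_within(path: PureWindowsPath, folder: PureWindowsPath) -> bool:
    # PureWindowsPath compares case-insensitively, matching NTFS defaults, and
    # 'folder in path.parents' rejects look-alike prefixes such as
    # 'DocumentsArchive' that a plain string startswith() would accept.
    return path == folder or folder in path.parents


def agent_may_access(profile_dir: str, requested: str, setting_enabled: bool) -> bool:
    """Policy check: grant only when the setting is on and the requested path
    resolves inside one of the granted known folders of this user's profile.
    Relative and drive-relative paths are refused rather than guessed at."""
    if not setting_enabled:
        return False
    req = _normalize(requested)
    if not (req.drive and req.root):
        return False
    profile = _normalize(profile_dir)
    return any(_is_within(req, profile / name) for name in GRANTED_FOLDERS)


if __name__ == "__main__":
    # Constructed sample requests against a hypothetical profile directory.
    profile = r"C:\Users\alice"
    for path in (r"C:\Users\alice\Documents\report.docx",
                 r"C:\Users\alice\Documents\..\AppData\Roaming\token.txt",
                 r"C:\Users\bob\Pictures\photo.png"):
        print(path, "->", agent_may_access(profile, path, True))
```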
The support document also states that these features include a program called Copilot Actions that allows the AI to interact with local files, saying, “With Copilot Actions you have an active digital collaborator that can carry out complex tasks for you to enhance efficiency and productivity.”
The AI will run in what Microsoft calls an “agent workspace,” which the company says is separate and contained within Windows. The user can grant agents access to apps and files there so an agent can complete tasks in the background while the user continues to use the device.
The tech giant has suggested that it wants to turn Windows 11 into what it calls an “agentic OS,” which would use AI to act on behalf of a user to automate tasks. The plan has drawn considerable backlash from users online.
Last week, Windows President Pavan Davuluri effectively confirmed in a post on X how Microsoft wants to further develop Windows 11. An Epoch Times review shows that hundreds of respondents to his thread said they do not want AI in their operating system. Some recommended switching to a Linux distribution or macOS.
“Windows is evolving into an agentic OS, connecting devices, cloud, and AI to unlock intelligent productivity and secure work anywhere,” he wrote.
In a blog post on Nov. 18, Microsoft’s corporate vice president for security, Vasu Jakkal, said Microsoft has introduced a control plane for its AI agents that will help “observe, manage, secure, and govern” various tools.