Microsoft warns that Windows 11's agentic AI could install malware on your PC: "Only enable this feature if you understand the security implications"
Microsoft is pushing ahead with its plan to add agentic capabilities to Windows 11 but has issued an important security warning for anyone who is interested in trying it out.
Microsoft has issued an important warning about the agentic AI capabilities coming soon to Windows 11. In a new support document, the company warns that users should "only enable this feature if you understand the security implications," and has confirmed that, because of the potential dangers, the feature will be off by default.
For months, Microsoft has teased that Windows 11 would slowly evolve into an agentic OS, much to the dismay of users online. Still, the company has pushed ahead with its vision, and we're now at a point where the first truly agentic capabilities are launching on the platform.
"This setting can only be enabled by an administrator user of the device and once enabled, it’s enabled for all users on the device including other administrators and standard users," Microsoft confirms. When enabled, Windows will create local user accounts for different AI agents, which will have access to your personal user folder.
"Agentic accounts have limited access to your user profile directory (C:\Users\username\) while operating in the agent workspace. If an agent needs access to files in that directory, Windows grants read and write access to the following known folders: Documents, Downloads, Desktop, Videos, Pictures, Music when the setting is enabled."
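A defender's check for the folder access described above, as an added example that is not Microsoft's code or part of the original article: it lists every principal holding write-capable rights on the six named known folders and marks the ones that are not the signed-in user, SYSTEM or Administrators. It assumes the folders sit at their default paths under the user profile (not redirected) and that agent grants show up as ordinary ACL entries; the page does not say how the grant is implemented.

```powershell
# Added example (not Microsoft's code). Assumptions: folders are at their
# default, non-redirected paths, and agent grants appear as ordinary ACEs.
$knownFolders = 'Documents', 'Downloads', 'Desktop', 'Videos', 'Pictures', 'Music'

# Bits that let a principal create, change or delete content. The two generic
# values (GENERIC_WRITE, GENERIC_ALL) can appear on inherit-only entries.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles'
$mask = [int]$writeRights -bor 0x40000000 -bor 0x10000000

# SIDs normally expected on a profile folder: signed-in user, SYSTEM, Administrators.
$expected = @(
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    'S-1-5-18'
    'S-1-5-32-544'
)
$sidType = [System.Security.Principal.SecurityIdentifier]

$report = foreach ($folder in $knownFolders) {
    $path = Join-Path $env:USERPROFILE $folder
    if (-not (Test-Path -LiteralPath $path -PathType Container)) { continue }

    # Ask for SIDs so the comparison works on localized or unresolved accounts.
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

        $sid = $ace.IdentityReference.Value
        $account = try {
            $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { '(unresolved)' }

        [pscustomobject]@{
            Folder    = $folder
            Account   = $account
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
            Expected  = $sid -in $expected
        }
    }
}

# Unexpected writers sort to the top of the table.
$report | Sort-Object Expected, Folder, Account | Format-Table -AutoSize
```

Saving the output before and after an administrator turns the setting on, then comparing the two, shows which accounts gained write access.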
Yesterday, Microsoft published a support document that outlined how AI agents are going to work on Windows 11, utilizing a new agentic workspace that will allow AI-powered apps to complete tasks on your behalf. These agents will operate in their own secure desktop environment, but with access to your apps and files.
As such, the company warns that these agentic capabilities aren't without risk. "AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation."
Because of this, the company has outlined a number of design principles that it wants to follow when it comes to agentic experiences on Windows, including ensuring the AI is always observable, and that any decisions it wants to make must be approved by a human first. "Agents must be able to produce logs outlining their activities. Windows should be able to verify these actions with a tamper-evident audit log."
The company says the first preview builds of Windows 11 with agentic capabilities are rolling out to Insiders as of yesterday, though there are currently no AI apps that support it. Microsoft has already confirmed that Copilot will soon be able to utilize agentic workspaces on Windows 11, and other AI apps are expected to follow.
The era of Windows as an agentic OS is here, whether we like it or not.
