"The vault is solid, the delivery truck is not" — strong key storage, shaky transfer: why this Windows Recall feature raises new security questions
TotalRecall can extract sensitive data from Windows Recall even without Windows Hello authentication.
Windows Recall has wiggled its way back to the headlines of practically every major tech news publication for all the wrong reasons. It was first announced in 2024 as an AI-powered tool designed to take snapshots of your PC's screen every few seconds and use on-device AI to analyze and triage that content, allowing you to semantically search for anything you've ever done on your computer using natural language.
Microsoft delayed its rollout for over one year to address critical user concerns after being branded a security nightmare and a hacker's paradise by cybersecurity experts. The company shipped the controversial feature to broad availability in April 2025 with elaborate security measures, including isolating it in a "VBS Enclave" (making it unreadable to third-party apps) and filtering out sensitive information like passwords and credit card details.
However, more trouble lies ahead for Windows Recall users. While all the locally stored data captured by Windows Recall is now encrypted and viewable only with Windows Hello authentication, security researcher Alexander Hagenah, author of the TotalRecall tool that made it easy to steal Windows Recall information from any Windows PC, recently cited new vulnerabilities that the AI-powered tool might be susceptible to on the TotalRecall GitHub page.
While Hagenah admits that Windows 11's security in Recall is good, the security expert details that the way Windows 11 delivers data makes it easy for bad actors to gain unauthorized access (via The Verge). “The vault is solid,” Hagenah indicated. “The delivery truck is not.”
Perhaps more concerningly, once a user has authenticated, the system passes along Windows Recall data to another system process dubbed AIXHost.exe, which doesn't have the same security protections as the rest of the AI-powered tool.
As such, the TotalRecall Reloaded tool leverages an executable file to inject a DLL file into AIXHost.exe, and more alarmingly, it can be done even without admin privileges. It then lurks in the background, waiting for the user to launch Windows Recall and authenticate using Windows Hello.
Consequently, the tool can access snapshots, OCR’d text, and other sensitive data that Recall sends to the AIXHost.exe process, which can persist long after the user stops using Recall.
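For defenders, the behavior described above (a DLL loaded into AIXHost.exe by another process) can be watched for in endpoint telemetry. The following is an added example, not code from the article or from TotalRecall: it assumes Sysmon is deployed and that its ImageLoad (7), CreateRemoteThread (8) and ProcessAccess (10) events have been flattened into dictionaries. The article does not say which injection method is used, so the three checks and the "Microsoft" signer prefix are assumptions, and all sample paths are constructed placeholders.

```python
from ntpath import basename  # parses Windows paths on any OS

TARGET = "aixhost.exe"  # process named in the article
INJECT_ACCESS = 0x0002 | 0x0020  # PROCESS_CREATE_THREAD | PROCESS_VM_WRITE

def is_target(path):
    return basename(path or "").lower() == TARGET

def check(ev):
    """Return a reason string if the event suggests code injection into TARGET."""
    eid = ev.get("EventID")
    if eid == 7 and is_target(ev.get("Image")):  # ImageLoad
        trusted = (str(ev.get("Signed")).lower() == "true"
                   and ev.get("SignatureStatus") == "Valid"
                   and (ev.get("Signature") or "").startswith("Microsoft"))
        if not trusted:
            return "untrusted module loaded: %s" % ev.get("ImageLoaded")
    elif eid == 8 and is_target(ev.get("TargetImage")):  # CreateRemoteThread
        return "remote thread from %s" % ev.get("SourceImage")
    elif eid == 10 and is_target(ev.get("TargetImage")):  # ProcessAccess
        if int(ev.get("GrantedAccess", "0x0"), 16) & INJECT_ACCESS:
            return "write/thread access from %s" % ev.get("SourceImage")
    return None

def scan(events):
    """Return (index, reason) for each flagged event."""
    return [(i, r) for i, ev in enumerate(events) if (r := check(ev))]

# Constructed sample events; paths and names are placeholders, not real IoCs.
AIX = r"C:\placeholder\AIXHost.exe"
TOOL = r"C:\Users\demo\Downloads\tool.exe"
SAMPLE = [
    {"EventID": 7, "Image": AIX, "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": AIX, "ImageLoaded": r"C:\Users\demo\payload.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"EventID": 8, "SourceImage": TOOL, "TargetImage": AIX},
    {"EventID": 10, "SourceImage": TOOL, "TargetImage": AIX,
     "GrantedAccess": "0x1410"},  # query/read only: not flagged
    {"EventID": 10, "SourceImage": TOOL, "TargetImage": AIX,
     "GrantedAccess": "0x1fffff"},  # full access: flagged
    {"EventID": 7, "Image": r"C:\Windows\notepad.exe",
     "ImageLoaded": r"C:\Users\demo\payload.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for i, reason in scan(SAMPLE):
        print(i, reason)
```

In production, legitimate system components will also open handles to the process, so the ProcessAccess rule needs an allowlist of known source images before it is useful as an alert.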
The VBS enclave won’t decrypt anything without Windows Hello. The tool doesn’t bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it.
Security researcher, Alexander Hagenah
TotalRecall Reloaded can grab your most recent snapshots, select metadata about the Recall database, and even delete your entire database without Windows Hello authentication.
The security researcher reported the discovery to Microsoft’s Security Response Center on March 6, but the tech giant indicated that it wasn't actually a bug and that it didn't have elaborate plans to fix it. On April 3, Microsoft officially classified the flagged issue as "not a vulnerability."
While speaking to Ars Technica, a Microsoft spokesman indicated:
"We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data. The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries.”
Windows Central's take: Windows Recall continues to be a major pain point for Microsoft
The security and privacy issues that come with allowing Windows Recall to access your PC, including sensitive and personal information, are hard to ignore. Hagenah's findings suggest that Microsoft should put elaborate security measures in place to make its delivery mechanism more secure.
Earlier this year, Microsoft revealed that it was scaling back its AI overload in Windows 11, which includes scaling down Copilot. Windows Recall was also placed under review after backlash from users over security concerns, potentially signaling that it could evolve into something else entirely.
Elsewhere, privacy-focused communities and organizations like the Brave browser, Signal, and AdGuard for Windows introduced features that explicitly block Windows Recall from capturing snapshots of your PC.
Microsoft can and should do better: halt automatic recovery handoffs until the transfer path is hardened, publish a transparent threat model and mitigation plan, and give users a simple, opt‑out control that actually prevents snapshots and transfers. Anything less is asking people to trust a system that hasn’t yet earned it.

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.
