Microsoft Issues Security Alert: Windows 11 AI ‘Agent’ Feature May Enable Malware Attacks

Microsoft has issued a strong security warning to Windows 11 users about a new experimental feature that uses AI to automate tasks. The company says the feature, called “Agent Workspace,” should stay disabled unless users fully understand the security risks. According to Microsoft, hackers could use this weakness to install malware or steal personal data by manipulating AI systems.

Major Risk: Cross-Prompt Injection Attacks

The warning focuses on a threat known as Cross-Prompt Injection Attacks (XPIA). As Microsoft shifts Windows 11 toward an “agentic OS,” new AI agents need read-and-write access to user files. This access helps them perform tasks in the background.

However, giving AI agents this level of file access also creates a serious security gap. If an AI agent reads a document or webpage containing hidden malicious instructions, it could be forced to ignore the instructions it was originally given. Microsoft explains that harmful content hidden inside documents or interface elements may “override agent instructions,” allowing attackers to:

  • Steal user data by sending files to an unknown server.
  • Install malware or spyware without being detected.

Because these AI agents can modify files in folders like Documents, Desktop, and Downloads, a successful attack could bypass normal security protections.

What Is the Agent Workspace?

The Agent Workspace is a new testing feature available to select Windows Insiders. It creates a simplified background account that allows AI tools, including Copilot, to carry out multi-step tasks automatically. This lets users continue their work while the AI handles tasks on its own.

But unlike regular apps, these agent accounts receive expanded permissions. This makes automation easier but increases the chances of cyberattacks.

Microsoft’s Safety Measures

To reduce the risks, Microsoft has added several safety barriers:

  • Disabled by default so users must turn it on manually.
  • Runtime isolation to separate the AI agent from the main system account.
  • User control allowing users to restrict access or shut the agent down.
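As an added illustration (not Microsoft’s code and not from this article), the following Python sketch shows the defensive principle behind the second and third measures above: a structured action gate that enforces least privilege on the agent account no matter what instructions the model absorbed from a poisoned document or webpage. The policy class, the folder paths (simplified to POSIX style), the placeholder host and the sample plan are all constructed for the example.

```python
import posixpath
from dataclasses import dataclass

# Constructed policy for an agent account (hypothetical, not Microsoft's design).
@dataclass(frozen=True)
class AgentPolicy:
    allowed_roots: tuple = ("/home/user/Documents", "/home/user/Desktop", "/home/user/Downloads")
    allowed_hosts: frozenset = frozenset()  # network egress stays off until the user approves a host
    allow_execute: bool = False             # launching binaries from the workspace stays off

def _inside(path: str, roots: tuple) -> bool:
    # Normalise first so "Documents/../private/notes.txt" cannot escape the workspace.
    p = posixpath.normpath(path)
    return any(p == r or p.startswith(r + "/") for r in roots)

def check_action(action: dict, policy: AgentPolicy) -> tuple[bool, str]:
    """Gate one structured tool call; prompt text never reaches this function, only the action."""
    kind = action.get("type")
    if kind in ("read_file", "write_file"):
        if _inside(action.get("path", ""), policy.allowed_roots):
            return True, "ok"
        return False, "path outside agent workspace"
    if kind == "http_post":
        if action.get("host") in policy.allowed_hosts:
            return True, "ok"
        return False, "egress to a host the user has not approved"
    if kind == "execute":
        return policy.allow_execute, "execution disabled in agent workspace"
    return False, f"unknown action type {kind!r}"

def run_plan(plan: list, policy: AgentPolicy) -> tuple[list, list]:
    """Split a model-proposed plan into actions that may run and actions blocked with a reason."""
    allowed, blocked = [], []
    for action in plan:
        ok, reason = check_action(action, policy)
        (allowed if ok else blocked).append((action, reason))
    return allowed, blocked

# Constructed plan: the first two steps are the user's task; the rest is what a plan might
# contain once hidden instructions in the document have overridden the agent's own.
SAMPLE_PLAN = [
    {"type": "read_file", "path": "/home/user/Downloads/report.docx"},
    {"type": "write_file", "path": "/home/user/Documents/report-summary.txt"},
    {"type": "read_file", "path": "/home/user/Documents/../private/notes.txt"},
    {"type": "http_post", "host": "collector.example", "path": "/upload"},
    {"type": "execute", "path": "/home/user/Downloads/helper.exe"},
]

if __name__ == "__main__":
    print(run_plan(SAMPLE_PLAN, AgentPolicy())[1])  # the three blocked steps with reasons
```

The gate only sees structured actions, so text the model read from a document can change what it proposes but not what the agent account is permitted to do.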

Should You Enable It? Experts Say No

Security experts recommend that most users avoid enabling this feature. It is designed for developers and technical professionals who want to test how AI agents work. Microsoft has admitted that security in this area is still developing and will need continuous updates.

Until the vulnerabilities are fixed and the “agentic” system is more secure, enabling the Agent Workspace could put your files and device at unnecessary risk.

Ahmer Nadeem

Ahmer is an experienced digital media journalist, equally skilled in covering parliament and breaking stories. With expertise spanning culture, politics, technology, and human interest, he brings depth and diversity to his reporting. His versatility extends to lifestyle and arts, making him a dynamic storyteller driven by accuracy, insight, and impact.