Windows Central
Zac Bowden

Microsoft warns that Windows 11’s agentic OS could open the door to new security risks, pointing to cross-prompt injection (XPIA) as an example of how AI-driven systems may be exploited by attackers


Microsoft has issued a warning about the agentic AI capabilities coming to Windows 11. In a new support document, the company says users should "only enable this feature if you understand the security implications," and confirms that, because of the potential for abuse, the feature will be off by default.

For months, Microsoft has teased that Windows 11 would slowly evolve into an agentic OS, much to the dismay of users online. Still, the company has pushed ahead with its vision, and we're now at a point where the first truly agentic capabilities are launching on the platform.

"This setting can only be enabled by an administrator user of the device and once enabled, it’s enabled for all users on the device including other administrators and standard users," Microsoft confirms. In other words, this is a per-device switch: one administrator's decision applies to every profile on the machine. When enabled, Windows creates separate local user accounts for AI agents, and those accounts are given scoped access to a set of known folders inside your user profile rather than to the profile as a whole.

"Agentic accounts have limited access to your user profile directory (C:\Users\username\) while operating in the agent workspace. If an agent needs access to files in that directory, Windows grants read and write access to the following known folders: Documents, Downloads, Desktop, Videos, Pictures, Music when the setting is enabled."

Yesterday, Microsoft published a support document outlining how AI agents will work on Windows 11, using a new agent workspace that lets AI-powered apps complete tasks on your behalf. These agents run in a separate, contained desktop session rather than in your interactive session, but they still get access to your apps and to the folders listed above.
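The known-folder grant quoted above is a file-system ACL decision, so it can be checked from PowerShell once the feature is on. The script below is an added example, not code from Microsoft's document or from Windows: it walks the top-level folders of a user profile, lists every access-control entry that names a given local account, and flags any Allow entry on a folder outside the six Microsoft lists. The agent account name is an assumption; after enabling the setting, take the real name from Local Users and Groups or `Get-LocalUser`, and run the script as the profile's owner or as an administrator so the ACLs are readable.

```powershell
# Added example; not from Microsoft's documentation or from Windows itself.
# Audits which folders under a user profile carry access-control entries for a
# given local account and flags any Allow entry outside the six known folders
# Microsoft lists. The agent account name is an assumption: after enabling the
# setting, take the real name from Local Users and Groups (lusrmgr.msc) or
# `Get-LocalUser`.

function Get-AgentFolderAccess {
    param(
        [Parameter(Mandatory)] [string]$AgentAccount,   # e.g. "$env:COMPUTERNAME\AgentAccount"
        [string]$ProfilePath = $env:USERPROFILE
    )

    # The folders Microsoft says an agent is granted read/write access to.
    $allowed = 'Documents', 'Downloads', 'Desktop', 'Videos', 'Pictures', 'Music'

    # Check the profile root as well: an agent needs at least traverse rights
    # there to reach the allowed subfolders, so an entry on the root is not
    # flagged, but it is shown so the reviewer can see what it grants.
    $targets = @(Get-Item -LiteralPath $ProfilePath) +
               @(Get-ChildItem -LiteralPath $ProfilePath -Directory -Force)

    foreach ($dir in $targets) {
        try {
            $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL on $($dir.FullName): $($_.Exception.Message)"
            continue
        }

        # Only direct grants to the account are matched here. If Windows grants
        # access through a group instead, extend the filter with that group's name.
        $aces = $acl.Access | Where-Object { $_.IdentityReference.Value -ieq $AgentAccount }

        foreach ($ace in $aces) {
            $isRoot = ($dir.FullName.TrimEnd('\') -ieq $ProfilePath.TrimEnd('\'))
            [pscustomobject]@{
                Folder     = $dir.FullName
                Rights     = $ace.FileSystemRights
                Type       = $ace.AccessControlType
                Inherited  = $ace.IsInherited
                Unexpected = (-not $isRoot) -and
                             ($ace.AccessControlType -eq 'Allow') -and
                             ($dir.Name -notin $allowed)
            }
        }
    }
}

# Usage (assumed account name; replace with the real one):
$agent  = "$env:COMPUTERNAME\AgentAccount"
$report = Get-AgentFolderAccess -AgentAccount $agent
$report | Format-Table -AutoSize
$report | Where-Object Unexpected | ForEach-Object {
    Write-Warning "Agent account has Allow access outside the known folders: $($_.Folder)"
}
```

An empty report on the allowed folders does not by itself mean the agent is locked out: Windows may grant access through a group or through the agent workspace's own broker rather than through a direct ACE, which is why the filter is written to be widened rather than trusted as complete. Folders such as AppData that hold browser profiles, credentials and tokens are the ones worth watching for unexpected entries.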

Accordingly, the company warns that these agentic capabilities aren't without risk. "AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation." The point for defenders is that the payload travels in data the agent reads, such as a web page, a document or a window's text, so an attacker needs only to get content in front of the agent, not code execution on the machine.

Because of this, the company has outlined a number of design principles it intends to follow for agentic experiences on Windows, including that the AI must always be observable and that its decisions must be approved by a human first. "Agents must be able to produce logs outlining their activities. Windows should be able to verify these actions with a tamper-evident audit log."

The company says the first preview builds of Windows 11 with agentic capabilities began rolling out to Insiders yesterday, though no AI apps support the feature yet. Microsoft has already confirmed that Copilot will soon be able to use agent workspaces on Windows 11, and other AI apps are expected to follow.

The era of Windows as an agentic OS is here, whether we like it or not.
