ITSFOSS.COM - If you ask me, Microsoft has been one of the biggest driving forces behind Linux adoption in recent years. The way they've been handling Windows, with its forced updates, aggressive telemetry, and questionable AI features, has sent more people to Linux than any marketing campaign ever could.
And they are at it again with a new Artificial intelligence feature that could be tricked into installing malware on your system.
Microsoft is rolling out a new experimental feature called "Copilot Actions" to Windows Insiders. They pitch it as an AI agent that handles tasks you describe to it. Organize vacation photos, sort your Downloads folder, extract info from PDFs, that sort of thing.
It is currently available in Windows 11 Insider builds (version 26220.7262) as part of Copilot Labs and is off by default, requiring admin access to set it up.
But here's the catch. Copilot Actions isn't just suggesting what to do. It runs in a separate environment called "Agent Workspace" with its unique user account, clicking through apps and working on your files.
Microsoft says it has "capabilities like its own desktop" and can "interact with apps in parallel to your own session." And that's where the problems start.
In a support document, Microsoft admits that features like Copilot Actions introduce "novel security risks." They warn about cross-prompt injection (XPIA), where malicious content in documents or UI elements can override the AI's instructions.
The result? "Unintended actions like data exfiltration or malware installation."
Yeah, you read that right. Microsoft is shipping a feature that could be tricked into installing malware on your system.
Microsoft's own warning hits hard: "We recommend that you only enable this feature if you understand the security implications."
No comments:
Post a Comment