“Microsoft should recall Windows Recall” – Security researcher finds Microsoft’s new AI tool woefully insecure

What you need to know

  • Microsoft plans to roll out a new AI feature called “Windows Recall” to new Windows 11 Copilot+ PCs this month.
  • The feature remembers everything you’ve done on your computer and allows you to find things using semantic search.
  • Recall stores everything locally on the device, but it appears that the data is not encrypted when the user is logged into the computer.

Microsoft has received quite a bit of criticism over its new Windows Recall AI feature since it was first unveiled on May 20. The AI ​​tool, which will ship on new Windows 11 Copilot+ PCs later this month, is designed to record everything you do on your computer. computer and use AI to index that content into semantically searchable snapshots.

When the feature was unveiled, Microsoft promised security. The data Recall collects is stored on the device, “encrypted” with Bitlocker, and is never sent to Microsoft or advertisers. Users are free to disable Recall, or if they choose to use it, delete all snapshots at any time.