Microsoft Transforms Windows 11 Into 'Agentic OS' with AI Agents That Work in Background

New Windows 11 AI agents can work in the background but create new security risks

Microsoft has been adding AI features to Windows 11 for years, but things have recently entered a new phase, with both generative and so-called "agentic" AI features working their way deeper into the bedrock of the operating system. A new build of Windows 11 released to Windows Insider Program testers yesterday includes a new "experimental agentic features" toggle in the Settings to support a feature called Copilot Actions, and Microsoft has published a detailed support article detailing more about just how those "experimental agentic features" will work. If you're not familiar, "agentic" is a buzzword that Microsoft has used repeatedly to describe its future ambitions for Windows 11 -- in plainer language, these agents are meant to accomplish assigned tasks in the background, allowing the user's attention to be turned elsewhere. Microsoft says it wants agents to be capable of "everyday tasks like organizing files, scheduling meetings, or sending emails," and that Copilot Actions should give you "an active digital collaborator that can carry out complex tasks for you to enhance efficiency and productivity." But like other kinds of AI, these agents can be prone to error and confabulations and will often proceed as if they know what they're doing even when they don't. They also present, in Microsoft's own words, "novel security risks," mostly related to what can happen if an attacker is able to give instructions to one of these agents. As a result, Microsoft's implementation walks a tightrope between giving these agents access to your files and cordoning them off from the rest of the system. Possible risks and attempted fixes For example, AI agents running on a PC will be given their own user accounts separate from your personal account, ensuring that they don't have permission to change everything on the system and giving them their own "desktop" to work with that won't interfere with what you're working with on your screen. Users need to approve requests for their data, and "all actions of an agent are observable and distinguishable from those taken by a user." Microsoft also says agents need to be able to produce logs of their activities and "should provide a means to supervise their activities," including showing users a list of actions they'll take to accomplish a multi-step task.

Microsoft is turning Windows into an 'agentic OS,' starting with the taskbar

Microsoft is trying to transform Windows into a "canvas for AI," with new AI agents integrated into the Windows 11 taskbar. These new taskbar capabilities are designed to make AI agents feel like an assistant in Windows that can go off and control your PC and do tasks for you at the click of a button. It's part of a broader overhaul of Windows to turn the operating system into an "agentic OS." "This is all about us wanting to make sure that every user can get the superpowers of AI," says Navjot Virk, corporate vice president of Windows experiences, in an interview with The Verge. Microsoft is integrating a variety of AI agents directly into the Windows 11 taskbar, including its own Microsoft 365 Copilot and third-party options. "This integration isn't just about adding agents; it's about making them part of the OS experience," says Windows chief Pavan Davuluri. Agents will be able to do things like research data in the background while you work on something else, or access files and folders on your PC to automate a boring and time-consuming admin task you have to do at work. Once you ask an AI agent to go do some tasks for you, the agent will shift into the taskbar and run in the background. "You can hover on the taskbar icon at any time to see what the agent is doing," explains Virk. The AI agent integration is part of the new Ask Copilot feature in the taskbar, which combines the existing local file search with Copilot capabilities. "Not only do you get lightning-fast search for files and settings, you can now start a conversation with Microsoft 365 Copilot and also launch AI agents directly from the taskbar," explains Virk. Microsoft has even added new taskbar capabilities to these agents so you can glance at them to see the status of whatever they're working on in the background. A floating window will also appear to interact with agents or Microsoft 365 Copilot, instead of a full app. If an agent needs attention or completes a task, it will notify you and update its state on the taskbar. There are badges on the AI agent taskbar icons that show you visually that an agent is progressing with a task: a yellow exclamation point when it needs help, or a green tick for when it has completed something. If you don't want AI agents on the taskbar, you don't have to enable this feature. "These experiences are designed to be opt-in, we want customers to have full control over when and how they engage with Copilot and these agents," says Virk. Developers will ultimately think up a lot of use cases for these agents, and Microsoft is doing a lot of the platform-level work to make them possible. AI agent capabilities are being embedded into core parts of Windows thanks to Model Context Protocol (MCP). "Essentially what they do is give us a standardized framework that allows these agents to discover tools and discover other agents through a secure managed on-device registry," says Davuluri. "It also gives us, the Windows team, the ability to provide tools in an agentic framework for these agents to go and consume." AI agents will also have their own workspace, separate to your Windows 11 desktop. "It's a contained policy-controlled auditable execution environment," says Davuluri. "It gives us a place where the agents can operate with software in an analogous fashion to what people do." Agent workspace is like a sandbox for AI agents, where each agent operates using its own Windows account. This is all in the name of security, and probably because AI models aren't always accurate so you'll want that activity separate to your main Windows session. While agents in the taskbar is a big new AI addition to Windows 11, it's not the only way Microsoft is reimagining the operating system into what it calls an "agentic OS." Microsoft is also bringing Copilot into File Explorer as part of this work. "What we want to do is make it even more convenient to get highly contextual and deeper Copilot help in Windows surfaces that you already use a lot, like the File Explorer," says Virk. Copilot integration in File Explorer lets Windows 11 users summarize a document in one click, answer questions about files, or draft emails based on the content of a document. Click to Do is also being improved on Copilot Plus PCs, allowing you to convert any table you see on the web or anywhere else on your PC into an Excel document. You can then freely manipulate the data and add new columns. While Click To Do uses local AI models on a Copilot Plus PC, once that data is in Excel you can modify it using cloud-powered AI models through Copilot and Agent Mode. This hybrid mix of local AI (Copilot Plus PC) and cloud-powered AI (Copilot) seems to be where Microsoft is heading with its Windows AI features. A new writing assistance feature is entering preview that lets you rewrite and compose in any text box in Windows 11, and it even has offline support on Copilot Plus PCs. Outlook is also getting AI-generated summaries, and Word is getting automatic alt-text for images in Office documents. Microsoft is also working on a new "fluid dictation" feature for Windows that turns speech into text with correct grammar and punctuation. This hybrid mix of AI is even more apparent in Microsoft's Windows 365 service. These cloud PCs -- that can be accessed through Windows 11, a web browser, or mobile apps -- include Copilot Plus features and also have access to the main cloud-powered Copilot features. If you're not interested in the AI additions to Windows, Microsoft also has some IT-focused additions at its Ignite conference this week. Hardware-accelerated BitLocker is on the way next year, and will require next-generation Windows devices that are built on unannounced chips. "Hardware acceleration of BitLock requires the capability in the silicon platform," says Davuluri. "As and when those capabilities are available, the OS will be able to unlock them for users." Sysmon functionality is also being integrated into Windows in early 2026. It will make security events available in the event log and make it easier for security teams to manage Windows systems. Microsoft is also launching Windows Hello's visual refresh and new passkey manager integration, which works with Microsoft Password Manager in Edge, 1Password, and Bitwarden.

Microsoft is packing more AI into Windows, ready or not - here's what's new

Microsoft is adding more Copilot and AI agents to Windows.Certain new AI features require a Copilot+ PC.But do Windows users really want an agentic OS? With the buzz around generative AI, Microsoft has been on a mission to add AI to virtually all its products and services, including and especially Windows. The company's vision for Windows is an agentic AI filled with bots and agents that promise to carry out your every wish. Also: Microsoft said my PC was 'too old' to run Windows 11 - how I upgraded in 5 minutes anyway With this week's Ignite event, the company has even more in store, from new Copilot skills to writing assistance to troubleshooting agents. But is this focus on AI what Windows users really want? That's debatable. But before we get into that debate, let's see what the folks in Redmond have on tap. In a new blog post connected with the Ignite event, Microsoft described the new AI features and skills coming to Windows. First up are AI agents. As Microsoft touts: "Windows is transforming how users access and manage Al agents across the operating system, with new features in preview." Also: I tested all of Edge's new AI browser features - and it felt like having a personal assistant Here, an Ask Copilot icon on the Windows taskbar will let you more easily trigger Copilot and various AI agents across all your apps and devices. You'll be able to kick off Copilot and Microsoft 365 Copilot from anywhere in Windows via the taskbar and Start menu. From the Windows taskbar, you can call up Microsoft 365 Copilot agents, troubleshooting agents, and even agents from third parties. You'll also be able to launch these agents directly from the prompt in the Copilot Windows app by using the Tools menu or by typing @. Next up are new AI features for Copilot, also in preview mode. Microsoft brags that with the new features, "Windows is continuing to transform how users interact with Al by delivering a simple, personalized, and multimodal experience." OK, so what does that mean? With the Click to Do feature still limited to Copilot+PCs, a new action called Ask Microsoft 365 Copilot will grab any supported image or piece of text and automatically send it to Copilot. Also: Microsoft gives Copilot a 'real talk' upgrade - and an (optional) cartoon face The Ask Microsoft 365 Copilot option in File Explorer will let you select any file and ask the AI to analyze, summarize, or answer specific questions about it. You'll even be able to hover over a document in File Explorer to access different AI models. Here's another option, but again only for Copilot+ PCs. Users on trusted Microsoft 365 domains can search for local and cloud-based files by using natural language to describe the items they want to find. Another feature called Writing Assistance will provide built-in AI to help you rewrite, edit, and proofread documents. With Copilot+PC, you can also use this option offline. Next, you'll be able to launch and work with Microsoft 365 Copilot by voice. For this, you can say "Hey, Copilot" or just press the Copilot key on supported keyboards (or Win+C on keyboards without a dedicated key). The idea here is to help you access Copilot without having to interrupt what you're doing or switch to a different app or window. There are also a couple of new AI features designed with accessibility in mind. Currently in preview, Fluid Dictation is a new option for Windows 11 Copilot+ PCs that aims to improve dictation. Part of the Voice Access suite, this one promises to make typing by voice faster, easier, and more accurate, turning your spoken words into text without too many mistakes. Also: Microsoft just added AI agents to Word, Excel, and PowerPoint - how to use them The Windows Narrator and Magnifier tools both promise a more natural reading of text and on-screen elements. Using AI, the new high-definition voices will try to provide a more pleasing tone and pace as you listen to the spoken words. There's still one more piece to the AI puzzle. Now available for Windows 11 insiders, a new option for experimental agentic features will allow AI agents to use the latest agentic tools in Windows. To enable this on a Windows 11 insiders build, head to System, select AI Components, and then turn on the switch for "Experimental agentic features." If you take the plunge, this Microsoft web page on Experimental Agentic Features explains what's in store for you. Well, that's certainly a hefty dose of AI being doled out to Windows users. Well, not all Windows users. Several of these items require a Copilot+ PC as the company continues to push these AI-infused computer models. Microsoft is clearly excited about all this AI infiltrating Windows. But are its users as excited? Not quite. In a tweet posted November 10, Microsoft president Pavan Davuluri boasted that "Windows is evolving into an agentic OS, connecting devices, cloud, and AI to unlock intelligent productivity and secure work anywhere." Davuluri likely expected Windows users to share his enthusiasm for the company's vision of an agentic OS. Instead, the post elicited almost 500 angry and often nasty responses from people who clearly don't see AI as the greatest thing since sliced bread. Their collective argument? Also: Microsoft Word forcing you to save new files to the cloud? Here's how to stop it Instead of increasingly pushing AI into Windows, Microsoft needs to refocus on making the operating system more reliable and stable. That means correcting the many bugs, flaws, and weaknesses that permeate the platform. It also means turning Windows into a cleaner and more basic OS that hosts your applications and files without all the bells and whistles that people don't seem to want. Likely taken by surprise by all the negative feedback, Davuluri responded to one post in which he seemed to at least acknowledge the complaints. "I've read through the comments and see focus on things like reliability, performance, ease of use and more," Davuluri wrote. "But I want to spend a moment just on the point you are making, and I'll boil it down, we care deeply about developers. We know we have work to do on the experience, both on the everyday usability, from inconsistent dialogs to power user experiences. When we meet as a team, we discuss these pain points and others in detail, because we want developers to choose Windows." However, with Microsoft Ignite running this week, it's back to business as usual, which means promoting AI for Windows. In a post on Sunday, Davuluri touted: "With Copilot and new agentic experiences at the center, every Windows 11 PC becomes an AI PC that empowers you to connect, create, and work in more natural ways." Of course, this post also led to a host of negative comments as if we're going around in circles. Also: 50+ Windows keyboard shortcuts you should use ASAP for improved productivity So is Microsoft stuck down the wrong path here and too far along to switch gears? Certainly, there's nothing wrong with sprinkling some AI into the operating system. I turn to these tools both personally and professionally. But I know that they're prone to errors, so I use them sparingly and judiciously. The problem is that Microsoft is pouring hefty doses of AI into Windows to capitalize on all the buzz. Instead, the company should be focused on making the OS less bloated, more reliable, and more stable. That's what users want. And once that's been accomplished, then maybe we can talk about AI.

Microsoft's vision of "AI-native" Windows is becoming real, update introduces agents that pilfer through your files -- Latest Windows 11 Insider build includes experimental AI agents toggle that can perform tasks for you in the background

A few days ago, a high-ranking Microsoft executive characteristically gushed about how Windows is becoming an agentic OS with a focus on AI features, a sentiment that was met with intense scrutiny on social media. Today, we have our first look at what that eventuality could look like, with AI agents working by your side in the background in Windows 11 Insider Build 26220.7262, as detailed by the Windows Insider Blog. This latest update adds a new "Experimental agentic features" toggle in settings, which creates a separate desktop environment called the "Agent Workspace." Think of it like Windows Sandbox; still isolated from the rest of the system, but Microsoft says it's supposed to be more efficient than virtualization. Unfortunately, Agent Workspaces are not functional right now beyond a simple toggle. The idea behind this concept stems from agents in ChatGPT or Copilot Actions. They're little digital assistants carrying out mundane tasks on your behalf, such as scrolling through documents, pointing and clicking at various things, and maybe even booking a flight for you. Previously, features like these operated in the cloud in a virtualized window, but now Microsoft wants them to run locally on your computer. Each time an AI workspace is created, a different AI agent is in charge of that, with its own customized access to "known folders" like Downloads and Desktop. Because the Agent Workspace is its own separate entity, everything is logged with a clearly traceable path of everything the agent saw or performed. You can set up rules for all the agents and allow access to connect to apps (like Copilot) which have agentic feature support. It all sounds like a privacy nightmare, but Microsoft says "security in this context is not a one-time feature -- it's a continuous commitment." AI agents are turned off by default, so creating Agent Workspaces is a deliberate choice that even Microsoft acknowledges has some tradeoffs, advising users to only opt in if they're comfortable with letting agents poke around within the PC's data. "We recommend that you only enable this feature if you understand the security implications outlined on this page. This setting can only be enabled by an administrator user of the device and once enabled, it's enabled for all users on the device including other administrators and standard users." Once the setting is enabled, AI agents can gain read/write access to certain aforementioned folders if you grant them the necessary permissions. Therefore, these agents can access files in those places, which is needed in order for them to work for you. Microsoft claims that this is safe because each Agent Workspace has its own isolated runtime and "scoped authorization". But, in practice, it remains to be seen whether these claims hold water. In simple words, essentially a new user account is created, seperate from your personal account, tied specifically to an AI agent. This ensures permissions don't overlap and that the admin account always remains in control, with the AI account only having limited access, operating within set boundaries. It's similar to how user accounts in general work in Windows -- now, it's just an AI, instead of a real human. The benefit of such deep AI integration is... scarce, at the moment, especially when you remember that Agent Workspaces literally don't work right now. Many users are also rightfully furious over how Microsoft is steering Windows into this instead of addressing long-permeating issues within the OS.

Microsoft explains how Windows 11 will become an agentic OS whether you like it or not

Serving tech enthusiasts for over 25 years. TechSpot means tech analysis and advice you can trust. WTF?! Many people thought Microsoft's idea for an "agentic OS," as introduced a few days ago, was more of a futuristic notion than a production-ready system ready for integration. Today, the company clarified that agentic features are arriving sooner than anyone could have expected. Windows president Pavan Davuluri recently described the future of Windows as an agentic operating system, where AI bots and large language models handle the user's commands on files and computing tasks. Critics mostly greeted the idea with scorn, cursing, and frustration over the "bug-ridden slop pile" the OS currently is. Nevertheless, the agentic OS concept is taking root within Microsoft's more traditional software business. Microsoft has already released a new support guide for the agentic features coming to Windows 11. The company confirmed that these "experimental" changes will appear in a private developer preview build for unpaid beta testers enrolled in the Windows Insiders program. They promise to go far beyond adding a new chatbot or improving a large language model and will play a central role in making agent-powered computing a reality. The first feature enabling the agentic OS is called Agent Workspace, a dedicated space within Windows where an AI agent can operate on users' data and files. Each workspace is limited to a separate agent user contained within its own Windows account. Human users can continue operating the device normally while these agent accounts carry out their assigned tasks. Microsoft says there are "clear boundaries" between agentic accounts and standard user accounts. Agent workspaces run securely and use minimal CPU and memory, with additional agentic capabilities planned over time. The setup resembles an overly complex AI-based virtualization system, though Microsoft claims agent workspaces are more efficient than a traditional virtual machine like Windows Sandbox. Nonetheless, agent workspaces will offer comparable security isolation, parallel execution support, and complete user control relative to a VM. The AI bots will have limited access to user folders, including Documents, Downloads, Desktop, Videos, Pictures, and Music. When enabled, agent accounts can work on the same folders that authenticated users can access, such as public user profiles. Redmond stresses that Windows 11's agentic AI features follow a "robust" set of security principles. The company also says agent users are autonomous entities that require proper supervision and authorization. Developers and security software can attack them like any other software component, which is why their actions must remain "contained." So far, AI agents have significantly increased security risks for users. Microsoft warns that agentic AI remains a fast-moving research area, and we couldn't agree more. At this stage, there's no reason for any cautious user or reputable enterprise to engage with it - perhaps not ever.

Windows 11 is overhauling the taskbar, again

Microsoft is making a massive pivot in how Windows 11 operates. The company is turning the entire platform into an "agentic OS" that starts with integrating new AI agents directly into the Windows 11 taskbar, which should help make things easier for those who use it. The AI agents that are going into the Windows 11 taskbar, include the company's own Microsoft 365 Copilot and options from third-party developers. These agents are designed to act like a personal assistant that can control your PC and complete tasks for you at the click of a button. It reminds me of what Cortana was supposed to be, since that was also in the taskbar. However, this should be a bit more helpful since this is built into the updated Ask Copilot feature on the taskbar. This lets users not only find files and settings quickly but also launch AI agents or start a conversation with Microsoft 365 Copilot directly from the taskbar. The most interesting part of this taskbar change is how it handles background tasks. Once you ask an AI agent to go off and handle some tasks, like researching data or automating a time-consuming administrative job, the agent shifts into the taskbar and runs quietly in the background. You can hover over the taskbar icon at any time to see exactly what the agent is doing. If an agent needs your attention or if it completes a task, it will notify you and update its state right there on the taskbar icon. There are badges that give you immediate visual feedback. You'll see a yellow exclamation point when the agent needs help or a green tick mark when it has successfully completed something you asked it to do. I would say the biggest problem with any new AI feature is security and control. Microsoft is handling this with a feature called the Agent Workspace. This is a contained, policy-controlled, sandbox for AI agents, letting them operate with software like a human would do. Each agent uses its own Windows account, separate from your personal user account. This setup makes sure there are clear boundaries and runtime isolation. It lets you delegate tasks to agents while keeping complete control and visibility into every action the agent takes. The agent workspace helps fight security risks by operating under the principle of least privilege. Agents only get access to known folders like Documents, Downloads, Desktop, Pictures, Music, and Videos, and only if an administrator explicitly enables the experimental agentic feature setting. So, if anything goes wrong, you likely gave it too much access. The agentic shift isn't limited to the taskbar, either. Microsoft is also bringing Copilot directly into File Explorer. File Explorer integration lets Windows 11 users summarize a document in one click, answer questions about files, or draft emails based on the content of a document they are currently viewing. To use this, you have to sign in using an administrator account. Once signed in, go to Settings, select System, and then find and click on AI Components. Here, you will find the toggle to activate Experimental Agentic Features. If you're worried about this being forced upon you, you don't have to enable it. Microsoft says these experiences are designed to be opt-in, so if you don't want to, don't make any changes. Source: Microsoft via The Verge

Microsoft warns Windows 11 AI could put malware on your PC

Microsoft keeps injecting AI into Windows, and now even the company itself is admitting that there are safety risks in doing so. This week, Microsoft added some new agentic AI features to Windows 11 Insider users, which give AI permission to automate things like sending emails and sorting files. These are turned off by default and need to be opted into, but for those who choose to enable them, Microsoft published a security note on its website warning that there are security risks to giving AI access to all of your files: "As these capabilities are introduced, AI models still face functional limitations in terms of how they behave and occasionally may hallucinate and produce unexpected outputs," Microsoft said. "Additionally, agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation." In other words, it's technically possible for something that's meant to help users to harm them instead. This may very well be a super unlikely hypothetical edge case, but the fact that Microsoft felt compelled to say anything about it at all is a bit alarming. As a possible solution, Microsoft is rolling out an experimental feature called "agent workspace," which limits what the AI agent has access to on the PC. In basic terms, it means the agent can only access things that are available to any user of the machine, while files locked behind specific user profiles are off-limits. We're still in the relatively early stages of all of this, so it will take some time to see how it shakes out. But just be careful before turning on these features.

Microsoft remakes Windows for an era of autonomous AI agents

Microsoft is fundamentally restructuring its Windows operating system to become what executives call the first "agentic OS," embedding the infrastructure needed for autonomous AI agents to operate securely at enterprise scale -- a watershed moment in the evolution of personal computing that positions the 40-year-old platform as the foundation for a new era of human-machine collaboration. The company announced Tuesday at its Ignite conference that it is introducing native agent infrastructure directly into Windows 11, allowing AI agents -- autonomous software programs that can perform complex, multi-step tasks on behalf of users -- to discover tools, execute workflows, and interact with applications through standardized protocols while operating in secure, policy-controlled environments separate from user sessions. The shift is Microsoft's most significant architectural evolution of Windows since the introduction of the modern security model, transforming the operating system from a platform where users manually orchestrate applications into one where they can "simply express your desired outcome, and agents handle the complexity," according to Pavan Davuluri, President of Windows & Devices at Microsoft. "Windows 11 starts with this notion of secure by design, secure by default," Davuluri said in an exclusive interview with VentureBeat. "And a lot of the work that we're doing today, when we think about the engagement we have with our customers, the expectations they have with us is making sure we are building upon the fact that Windows is the most secure platform for them and is the most resilient platform as well." The announcements arrive as enterprises are experimenting with AI agents but struggling with fragmented tooling, security concerns, and lack of centralized management -- challenges that Microsoft believes only operating system-level integration can solve. The stakes are enormous: with Windows running on an estimated 1.4 billion devices globally, Microsoft's architectural choices will likely shape how organizations deploy autonomous AI systems for years to come. New platform primitives create foundation for agent computing At the core of Microsoft's vision are three new platform capabilities entering preview that fundamentally change how agents operate on Windows. Agent Connectors provide native support for the Model Context Protocol (MCP), an open standard introduced by Anthropic that allows AI agents to connect with external tools and data sources. Microsoft has built what it calls an "on-device registry" -- a secure, manageable repository where developers can register their applications' capabilities as agent connectors, making them discoverable to any compatible agent on the system. "These are platform capabilities that then become available to all of our customers," Davuluri explained, describing how the Windows file system, for example, becomes an agent connector that any MCP-compatible agent can access with user consent. "We're able to do this in a fashion that can scale for one but it also allows others to participate in the Windows registry for MCP." The architecture introduces an MCP proxy layer that handles authentication, authorization, and auditing for all communication between agents and connectors. Microsoft is launching with two built-in agent connectors for File Explorer and System Settings, allowing agents to manage files or adjust system configurations like switching between light and dark mode -- all with explicit user permission. Agent Workspace, entering private preview, represents perhaps the most significant security innovation. It creates what Microsoft describes as "a contained, policy-controlled, and auditable environment where agents can interact with software" -- essentially a parallel desktop session where agents operate with their own distinct identity, completely separate from the user's primary session. "We want to be able to have clarity in the identity of the agent that is operating in the local operating system," Davuluri said, addressing security concerns about agents accessing sensitive data. "We want that session to be a session that is secure, that is policy control, that is manageable, that has transparency and auditability." Each agent workspace runs with minimal privileges by default, accessing only explicitly granted resources. The system maintains detailed audit logs distinguishing agent actions from user actions -- critical for enterprises that need to prove compliance and track all changes to systems and data. Windows 365 for Agents extends this infrastructure to the cloud, turning Microsoft's Cloud PC offering into execution environments for agents. Instead of running on local devices, agents can operate in secure, policy-controlled virtual machines in Azure, enabling what Microsoft calls "computer-using agents" to interact with legacy applications and perform automation tasks at scale without consuming local compute resources. Taskbar becomes command center for monitoring AI agents at work The infrastructure enables significant user interface changes designed to make agents as commonplace as applications. Microsoft is introducing "Ask Copilot on the taskbar," a unified entry point in preview that combines Microsoft 365 Copilot, agent invocation, and traditional search in a single interface. Users will be able to invoke agents using "@" mentions directly from the taskbar, then monitor their progress through familiar UI patterns like hover cards, progress badges, and notifications -- all while continuing other work. When an agent completes a task or needs input, it surfaces updates through the taskbar without disrupting the user's primary workflow. "We've evolved and created new UX in the taskbar to reflect the unique needs of agents performing background tasks on your behalf," said Navjot Virk, Corporate Vice President of Windows Experiences, describing features like progress bars and status badges that indicate when agents are working, need approval, or have completed tasks. The design philosophy, Virk emphasized, centers on user control. "These experiences are designed to be opt in. We want to give customers full control over when and how they engage with copilots and agents." For commercial Microsoft 365 Copilot users, the integration goes deeper. Microsoft is embedding Copilot directly into File Explorer, allowing users to ask questions, generate summaries, or draft emails based on document contents without leaving the file management interface. On Copilot+ PCs -- devices with neural processing units capable of 40 trillion operations per second -- new capabilities include converting any on-screen table into an Excel spreadsheet through the Click to Do feature. Microsoft bets on open standards against Apple and Google's proprietary approaches Microsoft's embrace of the open Model Context Protocol, created by Anthropic, marks a strategic bet on openness as enterprises evaluate competing AI platforms from Apple and Google that use proprietary frameworks. "Windows is an open platform, and by virtue [of being] an open platform, we certainly have the ability to take existing technologies, evolve, harden, adapt those, but we also allow customers to bring their own capabilities to the platform as well," Davuluri said when asked about competing with Apple Intelligence and Google's Android AI for Enterprise. The company demonstrated this openness with Claude, Anthropic's AI assistant, accessing the Windows file system through agent connectors with user consent -- one of numerous partnerships Microsoft has secured. Dynamics 365 is using the File Explorer connector to streamline expense reporting, reducing what was previously a 30-minute, dozen-step process to "one sentence with high accuracy," according to Microsoft's blog post. Other early partners include Manus AI, Dropbox Dash, Roboflow, and Infosys. "Windows is the platform in which they build upon," Davuluri said of enterprise customers. "And so our ability to take those existing bodies of work they have, and extend them is the, I think, the least friction way for them to go, learn, adopt, experiment and find ways to [scale]." Security model enforces strict containment and mandatory user consent Microsoft's security model for agents adheres to what it calls "secure by default" policies aligned with the company's broader Secure Future Initiative. All agent connectors registered in the on-device registry must meet strict requirements around packaging and identity, with applications properly packaged and signed by trusted sources. Developers must explicitly declare the minimum capabilities their agent connectors require, and agents and connectors run in isolated environments with dedicated agent user accounts, separate from human user accounts. Windows requires explicit user approval when agents first access sensitive resources like files or system settings. "We give Windows the ability to go deliver on the security expectations, and then it is auditable at the end of the day," Davuluri said. "You still want an auditability log that looks similar to perhaps what you use in the cloud. And so all three pieces are built into the design and architecture of Agent Workspace." For IT administrators, Microsoft is introducing management policies through Intune and Group Policy that allow organizations to enable or disable agent features at device and account levels, set minimum security policy levels, and access event logs enumerating all agent connector invocations and errors. The company emphasized that agents operate with restricted privileges, with minimal permissions by default and access granted only to explicitly approved resources that users can revoke at any time. Post-quantum cryptography and recovery tools address emerging and persistent threats Beyond agent infrastructure, Microsoft announced significant security and resilience updates addressing both emerging and persistent enterprise challenges. Post-Quantum Cryptography APIs are now generally available in Windows, allowing organizations to begin migrating to encryption algorithms designed to withstand future quantum computing attacks that could break today's cryptographic standards. Microsoft worked closely with the National Institute of Standards and Technology to implement these algorithms. "We are introducing post quantum cryptography APIs in Windows," Davuluri said. "For customers who want to be able to do cryptographic encryption in their workloads, they can start taking advantage of these APIs in Windows for the first time. That is a huge step forward for us when we think about the future of windows." Hardware-accelerated BitLocker will arrive on new devices starting spring 2026, offloading disk encryption to dedicated silicon for faster performance while providing hardware-level key protection. Sysmon functionality is becoming generally available as part of Windows in early 2026, bringing advanced forensics and threat detection capabilities previously available only as a separate download directly into the operating system's event logging system. The company also detailed progress on its Windows Resiliency Initiative, launched a year ago following the CrowdStrike incident that disrupted 8.5 million Windows devices globally. New recovery capabilities include Quick Machine Recovery with expanded networking support and Autopatch management, allowing IT to remotely fix devices stuck in Windows Recovery Environment. Point-in-time restore entering preview rolls back devices to earlier states to resolve update conflicts or configuration errors, while Cloud rebuild in preview allows IT to remotely rebuild malfunctioning devices by downloading fresh installation media and using Autopilot for zero-touch provisioning. Microsoft is also raising security requirements for third-party drivers across the Windows ecosystem. Following updated requirements for antivirus drivers effective April 1, 2025, the company is expanding this approach to other driver classes including networking, cameras, USB, printers, and storage -- requiring higher certification standards, adding compiler safeguards, and providing more Windows in-box drivers to reduce reliance on third-party kernel-mode code. Measured rollout reflects enterprise caution around autonomous software Microsoft is positioning these updates as essential infrastructure for what it calls "Frontier Firms" -- organizations that "blend human ingenuity with intelligent systems to deliver real outcomes." However, the company emphasized a cautious, opt-in approach that reflects enterprise concerns about autonomous software agents. "The principles we're using in designing these new platform capabilities accounts for the reality that we have a very, very broad user base," Davuluri said. "A lot of the features and capabilities we're building are opt in capabilities. And so it is our goal to be able to have users find value in the workflow and meet them." Virk emphasized the measured approach: "This is more about meeting customers where they are and then taking them on this journey when they are ready. So there's the optionality, but also having support for it. And really important thing is that they should feel comfortable. They should feel secure." Microsoft's bet is that only operating system-level integration can provide the security, governance, and user experience required for mainstream AI agent adoption. Whether that vision materializes will depend on developer adoption, enterprise comfort with autonomous software, and Microsoft's ability to balance innovation with the stability that 40 years of Windows customers expect. After four decades of putting users in control of their computers, Windows is now asking them to share that control with machines.

Microsoft explains how Windows 11's AI agents will work as testing is about to start - and I'll admit, I'm nervous

We've been hearing a lot from Microsoft about how Windows 11 is evolving into an agentic OS of late, and now we have a better idea of exactly where those AI cogs fit into the machinery of the desktop OS. In a new preview build (26220.7262) for the Dev and Beta channels, Microsoft highlighted an addition to Windows 11 in Settings in the AI Components department, where there's a new slider to turn on 'experimental agentic features'. What does that mean? Microsoft points to a blog post that offers a lot more info, explaining that: "Windows is introducing a new experimental feature - agent workspace - available in a private developer preview for Windows Insiders in a release coming soon. This early preview reflects our phased approach to delivering agentic capabilities, starting with limited access to gather feedback and strengthen foundational security." So, it's important to note that this is experimental, and will only be engaged with by a niche set of Windows 11 testers as part of a special developer preview. However, Microsoft also goes into some illuminating detail as to how AI agents will be implemented in Windows 11, for both businesses and consumers. Microsoft tells us that "agent workspaces represent a key step in enabling intelligent, agent-powered computing", and this is the environment in which these AI agents will work. That workspace will be boxed off from the rest of Windows 11 for security reasons, and the user will be able to grant the agent access to specific apps and files - the content the AI needs - so it doesn't have the ability to freely roam through your system and folders. Any given agent will have its own account in Windows 11, separate to the user's account, and it'll be able to run in parallel to whatever the user is doing, completing tasks autonomously alongside them. Microsoft notes: "This dedicated agent account establishes clear boundaries between agent activity and your own, enabling scoped authorization and runtime isolation. As a result, you can delegate tasks to agents while retaining full control, visibility into agent actions, and the ability to manage access at any time." Every agent can be given different permissions and configured separately from other AI instances. Microsoft is stressing security and file access permissions, then, and also the fact that these agent workspaces are designed to be lightweight, so they won't chomp through system resources. Although depending on what you have the agent doing, there will, of course, be a level of performance impact. Various AI agents will be in Windows 11 eventually, and Microsoft already has Copilot Actions on the boil, an agent that can take on basic grunt-work in the operating system - such as, say, sorting through a folder library of backed-up photos and removing any duplicate images. Another revelation was Manus AI, an agent that can manage more complicated tasks, like building a website from content that you provide it with. Microsoft is laying down the caveats from the get-go with Windows 11's agentic features, which is no surprise really. They are experimental for developers to try out initially, and the blog post notes that AI can make mistakes (and 'hallucinate', essentially meaning go off the rails completely). When such an entity has access to your files, there obviously need to be some comprehensive ground rules (including limiting that access to the minimal required level for whatever task the AI is doing). Still, the complexity of having these AI agents working within Windows 11 is naturally making people nervous - myself included. I look at how Microsoft approached Recall, another major piece of the puzzle for AI (with Copilot+ PCs), and it doesn't exactly reassure me. It was an extremely messy affair if you recall, from the blundered launch onwards. On one hand, hopefully this made Microsoft learn some hard lessons - and that knowledge is going to make AI agents better. Fingers firmly crossed. But on the other hand, the litany of mistakes in Windows 11 just does not inspire much confidence - when even basic things are broken in seemingly random fashion at times with bugs in Microsoft's monthly updates. This is where the company clearly must be very careful, because the first time an AI agent goes awry... well, this is territory Microsoft can't afford to put a foot wrong in. Because if that happens, and trust is lost in AI agents, that could be very difficult for Windows 11 to come back from. Microsoft is talking a good security game, though, and again mentions defending against new security risks that AI agents could be vulnerable to - such as cross-prompt injection - and other precautions such as having full logs kept on the agent's activity within Windows 11. However, all this must successfully translate to the reality of a super-secure environment for these agentic applications to be confined to and managed with. Only time will tell on that score, and meanwhile, all this is playing out to a tirade of negative feedback about why Microsoft is pursuing this course with AI, when there are many more fundamental issues with Windows 11 which need attention. And again, that comes back to if there's shakiness around those foundational aspects, it's easy to be fearful that AI agents could misfire somehow.

New Windows 11 toggle lets AI agents work in your background

Flip the Experimental agentic features switch and Copilot Actions gets its own account, its own desktop, and limited access to your stuff while you use your PC normally. What's happened? Microsoft is testing a new way for AI helpers to live on your PC. In the latest Windows 11 Insider Preview build for the Dev and Beta channels, there is a setting called "Experimental agentic features" under a new AI Components menu in System. When it is turned on, Windows creates special agent accounts and an "agent workspace" where AI agents can run in their own environment, the release says. The toggle is off by default, can only be changed by an administrator, and applies to every user on that device once enabled. Microsoft explains that agent apps such as Copilot can ask for access to folders like Documents, Desktop, and Downloads, and Microsoft warns of early quirks such as PCs not sleeping while Copilot Actions is active. This is important because: This agent workspace is Microsoft's template for how Windows 11 AI agents will actually run on your machine. Instead of pretending to be you, each helper gets its own identity and a fenced off session. Microsoft describes the workspace as a contained space where agents can reach into your apps and files to finish tasks while you keep using the device. Each agent uses scoped authorization and runtime isolation so access can be tuned per agent instead of giving one wide open account. For now it runs as a separate Windows environment that talks to your apps in parallel, which Microsoft pitches as lighter than a full virtual machine but still isolated. Recommended Videos Why should I care? If you flip this on, you are letting software agents work directly with your stuff. Microsoft is trying to keep that safe with tight permissions, logging, and a clear way to shut it all back off. The company tells users to only enable "Experimental agentic features" if they understand the security trade offs, and says turning it off cuts agents off from your profile folders. Design rules include "least privilege," time bound permissions, and tamper evident audit logs so agent activity can be checked after the fact. Okay, so what's next? Right now, this all mostly shows up through Copilot Actions. It is Microsoft's first example of an AI helper running from that hidden workspace and doing multi step work while your main desktop stays yours. Microsoft calls Copilot Actions "an active digital collaborator" that can interact with apps from the agent workspace instead of taking over your session. Agent workspace is still a private developer preview for Windows Insiders, and Microsoft plans more workspace types, tighter rules, and broader availability once it has more feedback. If you don't mind the trade offs, check it out in the latest Insider preview.

Apparently Windows 11 becoming 'agentic AI' means letting the bots rummage through some of your files

A few days ago we reported that the president of Windows and devices at Microsoft said "Windows is evolving into an agentic OS." We weren't sure exactly what that meant, though, apart from Windows having some kind of AI functionality baked in that can run autonomously. Well, ponder no more because a new support document explains, and it looks like the changes are already rolling out to Insiders. The support document explains (via Windows Central) that such "agentic features" include an "experimental feature" called Copilot Actions that allows AI to interact with local files: "With Copilot Actions you have an active digital collaborator that can carry out complex tasks for you to enhance efficiency and productivity." The agentic AI will be able to work in what Microsoft calls an "agent workspace", a "separate, contained space in Windows where you can grant agents access to your apps and files so they can complete tasks for you in the background while you continue to use your device." This workspace, distinct from your own user account space, "establishes clear boundaries between agent activity and your own, enabling scoped authorization and runtime isolation." Unlike what we saw from Microsoft's previous big AI feature, Recall, Windows as an agentive playground for AI seems to be hitting quite quickly. Microsoft explains that Copilot Actions is already "gradually rolling out to Insiders worldwide" in a Copilot app update via the Microsoft Store. Microsoft gives some examples of what you might use this for: "Whether you need a hand sorting through your recent vacation photos, organizing your Downloads folder, converting your files, or need to extract info from a PDF, Copilot Actions can do the heavy lifting for you based on the context of what's on your PC." As for how well it will perform those tasks? We'll just have to wait and see. There is also, of course, the question of privacy. It can be disconcerting to think about an AI agent having access to your personal files, but Microsoft says its "commitment is to include robust security and privacy controls that empower customers to explore their potential confidently with the support of clear guidance and appropriate guardrails driven by these goals." On the privacy front -- somewhat distinct from the security front -- Microsoft seems to mainly refer to its Privacy Report and Responsible AI Standard, saying Windows will "help agents adhere" to the commitments outlined in these. While it seems like Microsoft is committed to making the agents transparent and only giving them access to what you explicitly tell them they can access -- perhaps learning from the whole Recall debacle -- it seems less clear if or how information gleaned from the files you do give them access to will be used. Will any of this information be used for AI training? Will it be anonymised? It will be interesting to see exactly what limitations Microsoft puts on this new agentic AI.

Microsoft Warns Windows 11 AI Can Install Malware

The upcoming AI agents will have to be turned on by users and I'd advise you not to do that Microsoft's push to make Windows 11 a fully AI PC operating system continues, with the company planning to roll out new AI agents that can complete tasks and make changes on your behalf. But the company isn't turning the AI feature on by default because there's a risk of it downloading and installing malware. Oops! As spotted by Windows Central, Microsoft recently published a lengthy warning about the AI agents it will soon add to Windows 11. In the post, Microsoft explains that agents will have their own accounts on your Windows 11 PC. They'll also have "limited access to your user profile directory" and, if needed, will be granted read and write access to certain folders, including Documents, Downloads, and Desktop. And while Microsoft claims that all AI decisions must be approved by a human and all actions will be logged and reported, the tech giant acknowledges that activating these agents could be a bad idea. In the warning, Microsoft straight up says that its AI agents introduce "novel security risks" like, oh, I don't know, being able to send off your data without you realizing it, being tricked by online commands, or even installing harmful software. Here's the full warning: As these capabilities are introduced, AI models still face functional limitations in terms of how they behave and occasionally may hallucinate and produce unexpected outputs. Additionally, agentic AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation. Now that seems very bad to me, a person who likes to keep malware off my PC. And Microsoft agrees, because when these agents are added in a future update, they will need to be manually activated by the user. So at the very least, if you are running Windows 11, you don't have to worry about AI agents installing some malware on your PC while you're off grabbing a snack. For now. Microsoft is pushing AI hard in all its products, including Xbox, and I wouldn't be surprised if one day these AI agents in Windows 11 are just turned on by default. Anyway, remember how Xbox is teasing that its next console will basically be a Windows-powered PC? Cool stuff. So happy about that.

Security Risks Put Windows Copilot Actions Under Scrutiny

They compared Copilot Actions to dangerous macro-like automation Microsoft recently announced the gradual rollout of Copilot Actions on Windows 11. It is an experimental agentic capability available to Windows Insiders that automates tasks by assigning an artificial intelligence (AI) chatbot to everyday actions, such as organising files or sending emails. The company, however, cited novel security risks and recommended that this feature be utilised only if users understand its security implications. Experts have now warned about Copilot Actions, calling Microsoft's security boundaries "not really a boundary." Microsoft's Warning About Copilot Actions Despite all of the capabilities of agentic AI, there are still functional limitations in terms of their behaviour and tendency to hallucinate and deliver unexpected outputs, Microsoft explained in a blog post. These are associated with the inherent defects in large language models (LLMs). Consequently, there may be instances in which the AI twists the facts and provides factually inaccurate and even bizarre responses. Further, there are novel security risks associated with agentic AI applications. For example, cross-prompt injection (XPIA) can result in malicious content being embedded in documents and UI elements. This carries the risk of agent instructions being overridden, leading to data exfiltration, malware installation, or other unintended actions. Microsoft said that it has built appropriate guardrails to mitigate such instances. To begin with, all of the automated actions carried out by Copilot Actions are observable and distinguishable from those manually taken by a user. Further, AI agents that collect and utilise users' protected data must meet or exceed the security and privacy standards of the data being consumed. Lastly, all requests for user data utilisation, as well as actions to be taken, will be approved by the user. The company further clarified that IT administrators can turn off an agent workspace at both account and device levels for workspace accounts, using mobile device management (MDM) apps. Despite the company's efforts, the new Copilot Actions feature has come under scrutiny from security experts. What Experts Say In a conversation with ArsTechnica, independent security researcher Kevin Beaumont compared Copilot Actions to macros in Microsoft Office. Macros, notably, are sequences of instructions that automate repetitive tasks by running them as a single command. While their usefulness has been explored to save time and increase efficiency, the company has also periodically warned about the risks associated with macros, which can be used to run malicious code to steal data, transfer files, or install malware. Thus, Microsoft disables macros by default. "Microsoft saying 'don't enable macros, they're dangerous'... has never worked well. This is macros on Marvel superhero [drugs]," Beaumont warned. Another concern raised by experts was the challenges faced by experienced users in detecting when the AI agents are being exploited by attackers. While Microsoft's security goals were commended, the reliance on users reading and approving the risk warnings appearing on dialogue windows was also reported to be a matter of concern, potentially diminishing the overall protection value. "Sometimes those users don't fully understand what is going on, or they might just get habituated and click 'yes' all the time. At which point, the security boundary is not really a boundary," Earlence Fernandes, a professor specialising in AI security at the University of California, told the publication. Meanwhile, one expert reportedly compared Microsoft's security warning to the CYA manoeuvre in law, which is to simply shield the party from potential liabilities. They claimed Microsoft does not have any contingency to deal with hallucinations and prompt injection, which makes Copilot Actions "fundamentally unfit for almost anything serious".

Microsoft's Windows 11 introduces AI agents in the background, managing files - The Economic Times

Microsoft's Windows 11 introduces Agent Workspace, letting AI agents run in the background to manage files and tasks. Users control access and permissions, with alerts showing progress. The feature automates routine work but raises privacy and security concerns, as agents access key folders like Documents, Desktop, Pictures and Videos.Microsoft is taking a significant step in its AI strategy for Windows 11 with a new experimental capability called Agent Workspace. This feature is designed to let AI agents operate quietly in the background, with controlled access to key personal folders so they can carry out tasks while users continue working normally. Agent Workspace also introduces dedicated runtimes, desktops and user accounts for these agents, allowing them to run continuously if the user decides to switch the feature on. It can be enabled through Settings > System > AI Components > Experimental Agentic Features. "These experiences are designed to be opt-in; we want customers to have full control over when and how they engage with Copilot and these agents," Navjot Virk, corporate vice president of Windows experiences, told The Verge. The system ties into the new Ask Copilot experience in the taskbar, which blends local file search with Copilot's AI functions. Microsoft has added taskbar indicators so users can see what agents are doing in real time. Instead of opening a full application, a floating window appears for interactions with agents or Microsoft 365 Copilot. If an agent finishes a task or needs attention, alerts appear along with visual badges on the taskbar icon, such as a yellow exclamation mark when help is needed and a green tick when the task is complete. How the agents work The AI agents need access to local files and apps in order to perform tasks effectively. By relying on Windows' Known Folders -- Documents, Desktop, Downloads, Pictures, Music and Videos -- they can find and manage files even if users have moved these folders elsewhere. Agent Workspace gives them read-and-write abilities in these locations, which makes it possible to automate repetitive tasks such as organising files, preparing presentations or updating media libraries. Each agent is given its own set of permissions, ensuring that access granted to one agent does not automatically extend to others. Security concerns Because these agents require access to sensitive folders, the feature naturally raises security and privacy questions. As testing continues, Microsoft and developers are reviewing how agents handle personal information, the risks of misuse and the importance of clear, transparent permissions so users remain fully aware of what each agent can do.

Microsoft Is Testing an Agent Workspace in Windows 11, Know What It Does

* It can be found in the AI Components page in Settings * It lets AI agents operate using its own account * Agent Workspace can access user's folders and apps Microsoft is testing a new experimental agentic feature in Windows 11. The Redmond-based tech giant announced the release of a new artificial intelligence (AI) agent to Windows Insiders. Dubbed Agent Workspace, it can access the user's apps and folders and complete tasks in them in the background. The agent comes with several layers of security allowing users to have control over what is being shared and whether or not to use this agent at all. The company said that the new feature is a major step towards creating agent-powered computing. Microsoft Tests Agent Workspace In its support page, the tech giant announced and detailed the new AI agent. It is currently available in a private developer preview for Windows Insiders. Some users have already begun seeing it while others will get it via a release in the coming days. It is also Microsoft's first general-purpose agent, which despite a narrow scope, is capable of handling a diverse range of tasks. Agent Workspace is essentially a separate, contained space in Windows 11, where AI agents can access the user's apps and folders to complete tasks in the background. With this, each agent operates using its own account instead of the user's personal account. This also creates a unique identity for it, which adds transparency to tracking its actions. Microsoft claims users can delegate tasks to agents while "retaining full control, visibility into agent actions, and the ability to manage access at any time." Enabling Agent Workspace is fairly straight forward. Users first need to sign in to Windows with an administrator account. Then, they need to navigate to Settings > System > AI Components > Experimental agentic features. Once there, users will have to enable the feature. Once the feature is active, users can create agent accounts who can then create a sandboxed environment to work on tasks in the background ensuring runtime isolation. These agents can currently only request access to six folders in user profile directory, including Documents, Downloads, Desktop, Music, Pictures, and Videos. Microsoft recommends only enabling this feature if the user understand the security implications. Some of the risks outlined by the company include occasional hallucinations resulting in unexpected outputs and cross-prompt injection attacks which can lead to data exfiltration or malware installation.

Microsoft Sparks Security Fight Over AI Agents | PYMNTS.com

By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions. First, the update. Microsoft's latest update details how Windows 11 is beginning to integrate experimental agentic AI features, giving users the ability to delegate multi-step digital tasks to autonomous software agents in a controlled and secure environment. The company outlines two key components now rolling out to Windows Insiders: Copilot Actions, which can perform actions across applications, and a new "agent workspace," a contained session where agents can interact with apps and files without accessing a user's primary desktop. Microsoft emphasizes that these features are being introduced gradually, with strict boundaries around authorization, data access, logging and oversight, and a security model designed to evolve as agentic capabilities expand. "Security in this context is not a one-time feature," read a blog post announcing the update. "It's a continuous commitment." But that commitment was doubted and even criticized in several corners. To mitigate the new security risks introduced by autonomous agents, Microsoft describes a layered model built around dedicated agent accounts, limited permissions, trusted signing and privacy-preserving design principles. These controls work in tandem with the new agent workspace, a contained Windows environment that isolates agent activity and lets users authorize, monitor, and override actions at any point. The company frames these steps as part of a broader, ongoing effort to ensure Windows remains a secure and trustworthy platform as AI agents become integral to everyday work. But that commitment was doubted and even criticized in several corners. A post on ExtremeTech explains that while Windows 11's new agentic AI features promise hands-free automation -- from sorting photos to sending emails -- they also introduce meaningful security concerns that Microsoft is addressing cautiously. AI agents run in isolated "agent workspaces" under separate identities, but the company warns that these systems remain vulnerable to cross-prompt injection attacks, where malicious text or UI elements could trick an agent into leaking data or performing harmful actions. Because of that risk profile, Microsoft requires administrator approval before agentic AI can be enabled and keeps the feature off by default, while also maintaining secure audit logs so users can review every action agents take. "There are token safeguards: the 'agent workspace' is disabled by default and can only be enabled by someone with admin privileges," read another post in gaming blog Rock Paper Shotgun. "But it's hardly reassuring when the only way to use these features safely is to not use them, at all. And you would stay at effectively zero risk of XPIA attacks if you didn't, as these types of malware are engineered to target large language models (LLMs) rather than humans." For the non-techy executives in the digital economy, the issues are a reinforcement and a reminder that agentic AI will need a human in the loop in these early days of its deployment. As stated in a recent Wolters Kluwer article, while agentic AI can automate complex, multi-step processes by planning, reasoning, and acting with a high degree of autonomy, it still requires human oversight to ensure safety, reliability and sound judgment. Even with guardrails such as restricted APIs, controlled query types and fallback mechanisms, the article stresses that human validation remains the most critical safeguard, especially in domains where an AI error could carry significant real-world consequences. The author emphasizes that agentic AI should augment, not replace, expert decision-making, and that organizations must design systems where humans validate key steps before actions proceed. Success, the article concludes, will depend on pairing AI's efficiency with human judgment at critical checkpoints. "Agentic AI's dual nature as both a tool and coworker creates new dilemmas," reads a paper released last week by MIT. "A single agent might take over a routine step, support a human expert with analysis, and collaborate across workflows in ways that shift decision-making authority. This tool-coworker duality breaks down traditional management logic, which assumes that technology either substitutes or complements, automates or augments, is labor or capital, or is a tool or a worker, but not all at once. Organizations now face an unprecedented challenge: managing a single system that demands both human resource approaches and asset management techniques."