Copilot Raises Concerns: A New Windows 11 Feature That Could Open the Door to Hacks
Microsoft recently rolled out Copilot Actions gradually to Windows 11 Insider users. This AI-powered feature helps users complete everyday tasks like organizing files, composing messages, and executing various system commands. While still in beta, it has sparked concern among cybersecurity experts.
Microsoft's Warnings: Protection or a Disclaimer?
In an official statement, the company explained that, despite the feature's capabilities, it may suffer from issues such as hallucinations, inaccurate results, and a tendency for AI models to misinterpret information. It also warned of new security risks, most notably cross-prompt injection (XPIA), in which malicious content embedded in documents or interface elements can lead to data theft or malware installation without the user's knowledge.
Although Microsoft says it has implemented robust safeguards, it recommends using the feature only if the user is fully aware of the potential risks.
What Do the Experts Say?
Security experts liken Copilot Actions to macros in Microsoft Office, which Microsoft has long considered a double-edged sword. While macros can easily perform useful tasks, they can also be exploited to spread malware. Security researcher Kevin Beaumont described Copilot Actions as "a Macro with superhuman capabilities," warning of its vulnerability.
Other researchers pointed out that relying on warning windows that ask for user approval may become ineffective, as many users have become accustomed to clicking "yes" without reading the details, making security measures "more formal than substantive."
Another point of contention:
Some experts asserted that Microsoft's warnings resemble a CYA maneuver—protecting the company legally without offering a real solution to the risks. They argued that the current system still lacks clear solutions for the problems of hallucinations and malicious injection, making Copilot Actions "currently unsuitable for use in sensitive tasks."
