Microsoft has issued a serious security alert for Windows 11 users, warning them about a newly introduced experimental feature that could expose their systems to major cyber risks. The feature, known as “Agent Workspace,” is intended to automate tasks using AI, but Microsoft strongly advises users to keep it disabled unless they fully understand the potential consequences. According to the company, the feature could allow hackers to manipulate AI processes, install malware, or steal sensitive data.
The core threat involves a vulnerability called Cross-Prompt Injection Attacks (XPIA). As Windows 11 transitions toward becoming an “agentic OS,” the new AI agents require extensive read-and-write access to user files in order to perform automated tasks in the background. This expanded access, however, creates a dangerous security gap. Microsoft warns that malicious instructions hidden inside documents, webpages, or UI elements can manipulate the AI into ignoring its original safeguards. If exploited, such manipulation could lead to unauthorized data transfers, remote file access, or silent installation of harmful software.
The Agent Workspace is being rolled out to select Windows Insiders as a testing feature. It creates a simplified background user account that functions independently, allowing AI tools like Copilot to carry out multi-step tasks without user intervention. However, the broad file-system permissions granted to this agent significantly increase the risk of cyberattacks. Hackers could potentially trick the AI into modifying software, accessing personal folders, or bypassing security protections.
To reduce these risks, Microsoft has implemented several protective measures. The Agent Workspace is disabled by default, and users must intentionally turn it on while acknowledging the security warnings. The company has also introduced an isolation system that runs the AI agent inside a contained environment separate from the main user account. Microsoft emphasizes that users maintain full control and can revoke access or disable the agent at any time.
Cybersecurity experts, as well as Microsoft itself, recommend that most users avoid enabling Agent Workspace for now. The feature is designed primarily for developers and technical professionals who are experimenting with advanced AI automation. Microsoft admits that security for agentic AI systems is still evolving and will require ongoing improvements. Until those advancements are made, enabling the feature poses unnecessary risks to personal data and system integrity.
