Microsoft Beefs up Security of Windows AI Tool After Outcry

(Bloomberg) -- Microsoft Corp. says a key new feature in an upcoming line of artificial intelligence-branded PCs will be shipped in the “off” position after cybersecurity experts said the tool created an alluring target for hackers.

Recall, a Windows feature unveiled last month, creates a record of everything users do on their PCs, making it easier to sort through one’s emails, browsing history or files. The feature does that by periodically taking screenshots that can be read and analyzed by Microsoft algorithms.

Recall immediately set off alarm bells for security researchers, already wary of Microsoft’s security practices following a number of high-profile hacks. Some quickly set out to demonstrate that bad actors could indeed access and scoop up records that are gathered by the tool and stored locally on a user’s PC. The new vulnerability cast doubt on Chief Executive Officer Satya Nadella’s pledge to put cybersecurity before product development. 

On Friday, the world’s largest software maker announced a set of changes coming to Recall before the preview version of the software ships to customers later this month. The tool will be disabled rather than enabled by default, with users given the option at setup to activate it. “If you don’t proactively choose to turn it on, it will be off by default,” Pavan Davuluri, Microsoft’s Windows chief, said in a blog post.

Related:Microsoft Build 2024 Links Past Innovations to an AI-Driven Future

Davuluri also said Recall users would be required to activate a feature called Windows Hello, which relies on facial or fingerprint recognition or a login pin to access a device. The company is also working to make sure that Recall’s snapshots are encrypted when a user isn’t logged in.

Recall is among various AI features being embedded in Windows for a line of computers that Microsoft calls Copilot+PC, part of the company’s ongoing effort to take on rivals like Apple Inc. and Alphabet Inc.’s Google.