Security Researcher Calls Windows 11 AI 'Recall' Screenshotting Feature a Disaster [Updated]

by

Last month, Microsoft announced the upcoming launch of Copilot+ Windows PCs with integrated AI hardware and software. One feature that Microsoft touted was Recall, a tool that's designed to take regular snapshots of PC content to help users find anything they've seen or done on their machine.


As it turns out, Recall might be a security nightmare for Windows users. Security expert Kevin Beaumont recently said (via The Verge) that he was able to automate a program that provides plain text data of everything a user has viewed, despite Microsoft's claims that Recall information cannot be exfiltrated remotely.

Beaumont claims that Recall is "essentially an infostealer" that's included in Windows by default, and that it will "set cybersecurity back a decade by empowering cybercriminals." With Recall, hackers are able to scrape "everything you've ever looked at within seconds," and users should prepare for "AI powered super breaches."

Microsoft describes Recall as a feature that lets you "search across time to find the content you need." Powered by AI, Recall takes snapshots every five seconds when content on the screen is different from the prior snapshot and stores the snapshots in a timeline, with AI software using OCR to make the text in the snapshots searchable. Microsoft says that snapshots are locally stored and are analyzed on-device, which should make them secure, but the OCR data is stored in an SQLite database that could be accessed by hackers who infiltrate a PC using malware.

According to Beaumont, infostealer trojans are able to be "easily modified to support Recall" and data from the feature can be accessed remotely. Microsoft "tried to do a bunch of things" to improve security, but ultimately, "none of it actually works properly in the real world." The database that is theoretically accessible by malicious actors contains everything a user has seen such as text messages and passwords, every user interaction, and all websites visited (with the exception of Microsoft Edge in Private Mode).

Beaumont has not shared full technical details on how he automated exfiltration of the Recall database, and is holding until Recall is shipped because he wants to give Microsoft "time to do something." Beaumont recommends that Microsoft pull the feature for the time being.

Copilot+ PCs with Recall are set to launch on June 18. As of now, Recall is turned on by default, though users can optionally disable it.

Update: Given the response to Recall, Microsoft has decided to make it an opt-in feature rather than an opt-out feature. It will no longer be on by default, and there will be an option to opt in or opt out when setting up a Copilot+ PC. Windows Hello will also be required to turn on Recall for an extra layer of authentication. Windows Hello requires a face scan, fingerprint, or PIN to access a machine. Proof of presence will be required as well, so a screenshot timeline won't be accessible without authentication.

To address concerns about the accessibility of the database that Recall creates, Microsoft is adding additional layers of protection linked to authentication, and the search index database has been encrypted.

Tag: Microsoft

Popular Stories

iOS 26 Feature

iOS 26.1 to iOS 26.4 Will Add These New Features to Your iPhone

Wednesday October 1, 2025 1:26 pm PDT by
iOS 26 was released last month, but the software train never stops, and iOS 26.1 beta testing is already underway. So far, iOS 26.1 makes both Apple Intelligence and Live Translation on compatible AirPods available in additional languages, and it includes some other minor changes across Apple Music, Calendar, Photos, and Safari. More features and changes will follow in future versions,...
Read Full Article
iPhone 17 vs Air and Pros Feature

New iPhones See 'Stronger Than Expected' Demand With One Exception

Thursday October 2, 2025 7:26 am PDT by
Nearly two weeks after the iPhone 17 series launched, analysts at investment banking firm Morgan Stanley said demand for the devices has been "modestly stronger than we originally expected," based on a combination of extended shipping estimates on Apple's online store and information it gathered from Apple's supply chain. There has been strong early demand for the iPhone 17, iPhone 17 Pro,...
Read Full Article248 comments
macbook air prime day 2025

M5 MacBook Air: Release Date, Features, and Performance Predictions

Friday October 3, 2025 3:39 am PDT by
The MacBook Air is Apple's most popular laptop – a thin, fanless machine that wields quiet power thanks to the efficiency of Apple silicon. While the M4 model isn't exactly old, attention is already turning to its successor. Apple doesn't telegraph new product launches ahead of time, but we can draw a surprisingly clear picture of what to expect by looking at Apple's silicon roadmap,...
Read Full Article67 comments
Tim Cook Rainbow

Apple Event in October? Here's What to Expect

Monday September 29, 2025 9:31 am PDT by
Apple's annual iPhone event is in the rearview mirror, but rumors suggest the company plans to release a handful of additional products before the year ends. Will there be another Apple event this October? We discuss the possibility below. Apple in October Apple's most recent October events were in 2021 and 2023. In 2022 and 2024, Apple did not host an October event. Instead, it...
Read Full Article63 comments
maxresdefault

The MacRumors Show: Leaks Reveal What Apple Products Are Coming Next

Friday October 3, 2025 8:05 am PDT by
On this episode of The MacRumors Show, we discuss the latest leaks about the next-generation iPad Pro, MacBook Pro, Studio Display, and Vision Pro. Subscribe to The MacRumors Show YouTube channel for more videos Earlier this week, an apparent unboxing video of an updated iPad Pro with the M5 chip was shared online. The same YouTube account leaked the 14-inch MacBook Pro with the M4 chip...
Read Full Article11 comments
space black mbp

Here's Every New Apple Product That Leaked Yesterday

Wednesday October 1, 2025 8:27 am PDT by
A handful of upcoming Apple products leaked yesterday, through a combination of YouTube videos out of Russia and U.S. Federal Communications Commission (FCC) documents that were released, despite Apple's confidentiality requests. The leaked products include an iPad Pro with an M5 chip, as well as updated MacBook Pro and Apple Vision Pro models. All of these devices had already been rumored...
Read Full Article38 comments
Apple 2025 Thumb 1

Apple's 2025 Product Roadmap: What's Still Coming

Wednesday October 1, 2025 3:56 pm PDT by
Apple's two big yearly events, WWDC and the iPhone launch, are done and over with, but there are still some new products that we're expecting to see before the end of the year. Apple TV The Apple TV hasn't been updated since 2022, so it's due for a refresh. It doesn't look like Apple is going to change the design of its set-top box, but we can expect a faster chip Apple code suggests...
Read Full Article91 comments
iOS 26 Feature

iOS 26 Adds These 200 New Features and Changes to Your iPhone

Saturday October 4, 2025 8:19 am PDT by
Apple's website offers a list of nearly 200 new features and changes (PDF file) included in the software update, released last month. Apple also shared equivalent lists for iPadOS 26 and macOS Tahoe. iOS 26 is compatible with the iPhone 11 and newer. To install the update, open the Settings app on your iPhone, tap on General, and tap on Software Update. Below, we have highlighted eight ...
Read Full Article

Top Rated Comments

vertsix Avatar
vertsix
18 months ago
I hate all this AI ****.

There, I said it.
Score: 93 Votes (Like | Disagree)
EightBitJoe Avatar
EightBitJoe
18 months ago
Hey, what could be the harm, right? It's Microsoft! I trust them.

Them. Them.

I. I. I trust. Trrrrrrrrr.

?SYNTAX ERROR IN LINE 39737

GENERAL FAILURE READING DRIVE C. ABORT, RETRY, FAIL?

Thank you for using BillGPT. Goodbye.
Score: 52 Votes (Like | Disagree)
StralyanPithecus Avatar
StralyanPithecus
18 months ago

I hate all this AI ****.
Another tool developed to spy on users.
Score: 31 Votes (Like | Disagree)
Delivered Avatar
Delivered
18 months ago

imagine if Apple did this
As someone who loves apple products and uses a lot of them, I am a harsh critic of apple because I want their stuff be great for me to keep using it. When Apple anounced the photo scanning locally on device the techsphere nearly brought the internet down on apple.

Microsoft does this and because they slapped AI/chatgpt/copiolot we all just What say “I hope they nail the security“ This is a flaw at the core. It takes pictures of the passwords as you enter them. That’s so lazy it’s unreal. Microsoft and google wasted no time throwing off the “we care about privacy” hats and double way down on ”feed us data for AI”.

Good luck “turning it off” Microsoft‘s privacy settings are AWFUL. I tried going through it I have no idea and the next update will probably just switch it back on, change a setting w/e. It’s ridiculous.
Score: 28 Votes (Like | Disagree)
DHagan4755 Avatar
DHagan4755
18 months ago

As of now, Recall is turned on by default, though users can optionally disable it.
Is it really off when it's disabled?
Score: 25 Votes (Like | Disagree)
JosephAW Avatar
JosephAW
18 months ago
It’s just a fancy key-logger. o_O
Score: 22 Votes (Like | Disagree)
Read All Comments