<https://pivot-to-ai.com/2025/11/19/whoops-microsofts-new-windows-ai-agent-platform-lets-in-malware/>
"You might foolishly think the purpose of Microsoft Windows was to run your
programs so you can do stuff. But Microsoft understands that what you really
want is an agentic AI-first computer platform. Who wants to get work done when
they could be arguing with Copilot?
How do you manage all these incredibly secure and reliable AI agents? Microsoft
brings you: the Agent 365 platform!
Even better, you’ll be getting the same great capabilities in Windows 11.
Microsoft has put a full Copilot agent into preview builds. The agent platform
runs in the background, all the time, with full access to all your personal
files.
There’s just one teensy problem — Microsoft’s built a welcome mat for malicious
software:
Agentic AI applications introduce novel security risks, such as cross-prompt
injection (XPIA), where malicious content embedded in UI elements or
documents can override agent instructions, leading to unintended actions
like data exfiltration or malware installation.
Fortunately, Microsoft has duly warned you it’s your problem to keep the agent
system switched off, and to check the agents to make sure they don’t do bad
things. And can’t be prompt-injected.
You can do all that, right? That’s what you bought a computer to do, right?
Watch battling malware agents play Robot Wars?"
Cheers,
*** Xanni ***
--
mailto:xanni@xanadu.net Andrew Pam
http://xanadu.com.au/ Chief Scientist, Xanadu
https://glasswings.com.au/ Partner, Glass Wings
https://sericyb.com.au/ Manager, Serious Cybernetics