Threat Intel Solutions

* [Application Security](/application-security)* [Data Privacy](/cyber-risk/data-privacy)* [Vulnerabilities -& Threats](/vulnerabilities-threats)* [Cyber Risk](/cyber-risk)Privacy Anxiety Pushes Microsoft Recall AI Release Again Privacy Anxiety Pushes Microsoft Recall AI Release Again=================================================================================================================The Recall AI tool will be available to Copilot+ PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.  [Becky Bracken, Senior Editor, Dark Reading](/author/becky-bracken)November 1, 2024 5 Min Read  Source: GK Images via Alamy Stock Photo [](https://www.linkedin.com/sharing/share-offsite/?url=https://www.darkreading.com/application-security/privacy-anxiety-pushes-microsoft-recall-release-again)[](http://www.facebook.com/sharer/sharer.php?u=https://www.darkreading.com/application-security/privacy-anxiety-pushes-microsoft-recall-release-again)[](http://www.twitter.com/intent/tweet?url=https://www.darkreading.com/application-security/privacy-anxiety-pushes-microsoft-recall-release-again)[](/cdn-cgi/l/email-protection#7e410d0b1c141b1d0a432e0c17081f1d075e3f1006171b0a075e2e0b0d161b0d5e33171d0c110d11180a5e2c1b1d1f12125e3f375e2c1b121b1f0d1b5e3f191f1710581f130e451c111a0743375b4c4e0a16110b19160a5b4c4e0a161b5b4c4e1811121211091710195b4c4e180c11135b4c4e3a1f0c155b4c4e2c1b1f1a1710195b4c4e131719160a5b4c4e17100a1b0c1b0d0a5b4c4e07110b505b4e3a5b4e3f5b4e3a5b4e3f5b4c4e2e0c17081f1d075b4c4e3f1006171b0a075b4c4e2e0b0d161b0d5b4c4e33171d0c110d11180a5b4c4e2c1b1d1f12125b4c4e3f375b4c4e2c1b121b1f0d1b5b4c4e3f191f17105b4e3a5b4e3f160a0a0e0d5b4d3f5b4c385b4c38090909501a1f0c150c1b1f1a171019501d11135b4c381f0e0e12171d1f0a171110530d1b1d0b0c170a075b4c380e0c17081f1d07531f1006171b0a07530e0b0d161b0d5313171d0c110d11180a530c1b1d1f1212530c1b121b1f0d1b531f191f1710)[](https://www.reddit.com/submit?url=https://www.darkreading.com/application-security/privacy-anxiety-pushes-microsoft-recall-release-again&title=Privacy%20Anxiety%20Pushes%20Microsoft%20Recall%20AI%20Release%20Again) Microsoft has made the decision to once again delay the release of its new artificial Intelligence tool, Recall, while the company works through trying to make sure all of the handy data it delivers can’t be abused by adversaries.The Recall tool will be part of the suite of services delivered through Microsoft’s AI Assistant software, Copilot+. Recall’s job, once it’s rolled out, will be to gather ‘snapshots’ of each action on the PC to be accessible later through an easy search. The software will be able to ‘recall’ the exact moment the user saw a website, used an app, or interacted with a document.Compelling use cases aside, information security professionals have [balked at Recall’s ability to keep its snapshots secure](https://www.darkreading.com/data-privacy/microsofts-recall-feature-draws-criticism-from-privacy-advocates) from would-be threat actors. For its part, Microsoft has taken these cybersecurity concerns seriously. In June, Microsoft announced it had added new [privacy and security features to Recall](https://www.darkreading.com/application-security/microsoft-modifies-recall-ai-feature-privacy-security-failings) just days ahead of its intended rollout date. That release was ultimately pushed back to October in order to take extra steps to shore up the tool’s security. Now, the release date has been pushed back again.’We are committed to delivering a secure and trusted experience with Recall,’ according to a statement about the delay from Brandon LeBlanc, senior product manager for Windows. ‘To ensure we deliver on these important updates, we’re taking additional time to refine the experience before previewing it with Windows Insiders. Originally planned for October, Recall will now be available for preview with Windows Insiders on Copilot+ PCs by December.’Related:[News Desk 2024: Hacking Microsoft Copilot Is Scary Easy](/application-security/hacking-microsoft-copilot-is-scary-easy-news-desk-black-hat-2024)Microsoft Pledges to Secure Recall———————————-In late September, David Weston, Microsoft’s vice president of enterprise and OS security, detailed the company’s commitment to the [security of Recall data,](https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/) stressing the tool is opt-in only, encrypted, and includes malware protection; and, its data is protected in a virtualization-based security (VBS) enclave inaccessible by even admin and kernel users without biometric authentication.’Using VBS Enclaves with Windows Hello enhanced sign-in security allows data to be briefly decrypted while you use the Recall feature to search. Authorization will time out and require the user to authorize access for future sessions,’ Weston wrote. ‘This restricts attempts by latent malware trying to ‘ride along’ with a user authentication to steal data.’Weston further assured those concerned about Recall’s security that: in-private browsing information is never saved by Recall; users have an option to filter out specific sites or apps from Recall recording; content filtering keeps data like credit card and Social Security numbers from being stored; users can delete stored information by date, content, app, or website; and an icon clearly shows when snapshots are being saved, so users can easily pause the function.Related:[Cybersecurity Job Market Stagnates, Dissatisfaction Abounds](/application-security/cybersecurity-job-market-stagnates-dissatisfaction-abounds)’Recall’s secure design and implementation provides a robust set of controls against known threats,’ Weston added. ‘Microsoft is committed to making the power of AI available to everyone, while retaining security and privacy against even the most sophisticated attacks.’Is Microsoft Eyeing Claude’s ‘Computer Use’ Feature?—————————————————-It appears Microsoft is taking the warnings from the cybersecurity community about Recall’s potential business risks seriously, Bugcrowd founder Casey Ellis tells Dark Reading. Redmond might also have its eye on a recent release of a similar tool in Anthropic’s Claude AI before rolling out Recall, he adds.’After the initial reaction to Recall — and some of the security and privacy concerns raised by how it was implemented — Microsoft appears to be hastening slowly here,’ Ellis says. ‘I wouldn’t be surprised if they’re taking the opportunity to learn from how the market responds to and uses Anthropic’s ‘computer use’ feature, which is very similar to Recall from a privacy, security, and functionality standpoint.’Related:[Noma Launches With Plans to Secure Data, AI Life Cycle](/application-security/noma-launches-secure-data-ai-lifecycle)Released just days ago, the [computer use feature](https://www.anthropic.com/news/developing-computer-use) allows the latest version of Claude to interact with a computer in the same way as a human. Claude’s new feature, like Recall, ingests screenshots from Internet-connected computers. And in its Oct. 22 announcement of the release, Anthropic admitted the tool does indeed come with inherent cybersecurity risks.’In this spirit, our Trust -& Safety teams have conducted extensive analysis of our new computer-use models to identify potential vulnerabilities,’ the release announcement said. ‘One concern they’ve identified is [prompt injection — a type of cyberattack](https://www.darkreading.com/vulnerabilities-threats/ai-chatbots-ditch-guardrails-deceptive-delight-cocktail) where malicious instructions are fed to an AI model, causing it to either override its prior directions or perform unintended actions that deviate from the user’s original intent.’Anthropic added that it hopes to work out this and other issues in its public beta phase, which will certainly be of keen interest to Microsoft as it works through its Recall release.Claude, according to Anthropic, will not use this user-submitted data to train its own AI model. But when it comes to Microsoft, security consultant John Bambenek isn’t so sure Recall will adhere to the same standard.’AI systems require tons of data, which means Microsoft wants all the data on how users are interacting with their computers,’ Bambenek says. ‘I am not sure the feature is terribly useful for end users, however, it certainly is for [training future models](https://www.darkreading.com/vulnerabilities-threats/top-lessons-cisos-owasp-llm-top-10). It has enormous privacy implications, so hopefully the delay is useful in terms of minimizing the risks and potential harms to end users.’While Microsoft security teams and Anthropic’s Claude feature testing move forward, Patrick Harr, CEO of SlashNext Email Security, warns these tools remain vulnerable to cyberattack.’We continually see phishing and socially engineered attacks from professional groups, mimicking support staff that target company users either through email, other messaging apps, or even bot calls to provide remote access to their desktops,’ Harr says. ‘Once accessed into Recall, the threat actors have perfect timeline and information about that user that can be exploited. Proceed with caution until this update is done.’ [](https://www.linkedin.com/sharing/share-offsite/?url=https://www.darkreading.com/application-security/privacy-anxiety-pushes-microsoft-recall-release-again)[](http://www.facebook.com/sharer/sharer.php?u=https://www.darkreading.com/application-security/privacy-anxiety-pushes-microsoft-recall-release-again)[](http://www.twitter.com/intent/tweet?url=https://www.darkreading.com/application-security/privacy-anxiety-pushes-microsoft-recall-release-again)[](/cdn-cgi/l/email-protection#c1feb2b4a3aba4a2b5fc91b3a8b7a0a2b8e180afb9a8a4b5b8e191b4b2a9a4b2e18ca8a2b3aeb2aea7b5e193a4a2a0adade18088e193a4ada4a0b2a4e180a6a0a8afe7a0acb1faa3aea5b8fc88e4f3f1b5a9aeb4a6a9b5e4f3f1b5a9a4e4f3f1a7aeadadaeb6a8afa6e4f3f1a7b3aeace4f3f185a0b3aae4f3f193a4a0a5a8afa6e4f3f1aca8a6a9b5e4f3f1a8afb5a4b3a4b2b5e4f3f1b8aeb4efe4f185e4f180e4f185e4f180e4f3f191b3a8b7a0a2b8e4f3f180afb9a8a4b5b8e4f3f191b4b2a9a4b2e4f3f18ca8a2b3aeb2aea7b5e4f3f193a4a2a0adade4f3f18088e4f3f193a4ada4a0b2a4e4f3f180a6a0a8afe4f185e4f180a9b5b5b1b2e4f280e4f387e4f387b6b6b6efa5a0b3aab3a4a0a5a8afa6efa2aeace4f387a0b1b1ada8a2a0b5a8aeafecb2a4a2b4b3a8b5b8e4f387b1b3a8b7a0a2b8eca0afb9a8a4b5b8ecb1b4b2a9a4b2ecaca8a2b3aeb2aea7b5ecb3a4a2a0adadecb3a4ada4a0b2a4eca0a6a0a8af)[](https://www.reddit.com/submit?url=https://www.darkreading.com/application-security/privacy-anxiety-pushes-microsoft-recall-release-again&title=Privacy%20Anxiety%20Pushes%20Microsoft%20Recall%20AI%20Release%20Again) About the Author—————- [Becky Bracken, Senior Editor, Dark Reading](/author/becky-bracken)
[See more from Becky Bracken, Senior Editor, Dark Reading](/author/becky-bracken) Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. [Subscribe](https://dr-resources.darkreading.com/free/w_defa3135/prgm.cgi)You May Also Like*** ** * ** ***More Insights Webinars* [Transform Your Security Operations And Move Beyond Legacy SIEM](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_palo243&ch=SBX&cid=_upcoming_webinars_8.500001500&_mc=_upcoming_webinars_8.500001500)Nov 6, 2024* [Unleashing AI to Assess Cyber Security Risk](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_dark71&ch=SBX&cid=_upcoming_webinars_8.500001492&_mc=_upcoming_webinars_8.500001492)Nov 12, 2024* [Securing Tomorrow, Today: How to Navigate Zero Trust](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa7186&ch=SBX&cid=_upcoming_webinars_8.500001490&_mc=_upcoming_webinars_8.500001490)Nov 13, 2024* [The State of Attack Surface Management (ASM), Featuring Forrester](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa7317&ch=SBX&cid=_upcoming_webinars_8.500001501&_mc=_upcoming_webinars_8.500001501)Nov 15, 2024* [Applying the Principle of Least Privilege to the Cloud](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&pc=w_wiza60&ch=SBX&cid=_upcoming_webinars_8.500001499&_mc=_upcoming_webinars_8.500001499)Nov 18, 2024[More Webinars](/resources?types=Webinar) ### Editor’s Choice[A job classifieds newspaper ](/application-security/cybersecurity-job-market-stagnates-dissatisfaction-abounds)[Application Security](/application-security) [Cybersecurity Job Market Stagnates, Dissatisfaction Abounds](/application-security/cybersecurity-job-market-stagnates-dissatisfaction-abounds)[Cybersecurity Job Market Stagnates, Dissatisfaction Abounds](/application-security/cybersecurity-job-market-stagnates-dissatisfaction-abounds) by[Tara Seals, Managing Editor, News, Dark Reading](/author/tara-seals) Oct 31, 2024 4 Min Read [CrowdStrike logo on a cellphone screen _SOPA_Images_Limited_Alamy.jpg?width=700&auto=webp&quality=80&disable=upscale)](/vulnerabilities-threats/case-against-abandoning-crowdstrike-post-outage)[Vulnerabilities -& Threats](/vulnerabilities-threats) [The Case Against Abandoning CrowdStrike Post-Outage](/vulnerabilities-threats/case-against-abandoning-crowdstrike-post-outage)[The Case Against Abandoning CrowdStrike Post-Outage](/vulnerabilities-threats/case-against-abandoning-crowdstrike-post-outage) by[Vishaal ‘V8’ Hariprasad](/author/vishaal-v8-hariprasad) Oct 31, 2024 5 Min Read [Chinese Navy guided-missile destroyer Xian steams ahead ](/cyberattacks-data-breaches/china-seabed-sentinels-spying-trump-taps)[Cyberattacks -& Data Breaches](/cyberattacks-data-breaches) [China Says Seabed Sentinels Are Spying, After Trump Taps](/cyberattacks-data-breaches/china-seabed-sentinels-spying-trump-taps)[China Says Seabed Sentinels Are Spying, After Trump Taps](/cyberattacks-data-breaches/china-seabed-sentinels-spying-trump-taps) by[Tara Seals, Managing Editor, News, Dark Reading](/author/tara-seals) Oct 31, 2024 4 Min Read Reports* [Managing Third-Party Risk Through Situational Awareness](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_cybo171&ch=&cid=_analytics_7.300006016&_mc=_analytics_7.300006016)Jul 31, 2024* [2024 InformationWeek US IT Salary Report](https://iw-resources.informationweek.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_ingg253&ch=sbx&cid=_analytics_7.300006014&_mc=_analytics_7.300006014)May 29, 2024[More Reports](/resources?types=Report) Webinars* [Transform Your Security Operations And Move Beyond Legacy SIEM](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_palo243&ch=SBX&cid=_upcoming_webinars_8.500001500&_mc=_upcoming_webinars_8.500001500)Nov 6, 2024* [Unleashing AI to Assess Cyber Security Risk](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_dark71&ch=SBX&cid=_upcoming_webinars_8.500001492&_mc=_upcoming_webinars_8.500001492)Nov 12, 2024* [Securing Tomorrow, Today: How to Navigate Zero Trust](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa7186&ch=SBX&cid=_upcoming_webinars_8.500001490&_mc=_upcoming_webinars_8.500001490)Nov 13, 2024* [The State of Attack Surface Management (ASM), Featuring Forrester](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa7317&ch=SBX&cid=_upcoming_webinars_8.500001501&_mc=_upcoming_webinars_8.500001501)Nov 15, 2024* [Applying the Principle of Least Privilege to the Cloud](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&pc=w_wiza60&ch=SBX&cid=_upcoming_webinars_8.500001499&_mc=_upcoming_webinars_8.500001499)Nov 18, 2024[More Webinars](/resources?types=Webinar) White Papers* [Insider Risk Programs: 3 Truths and a Lie](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa7106&ch=SBX&cid=_whitepaper_14.500005800&_mc=_whitepaper_14.500005800)* [2024 Cloud Security Report](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_tren83&ch=SBX&cid=_whitepaper_14.500005795&_mc=_whitepaper_14.500005795)* [A CISO’s Guide to Geopolitics and CyberSecurity](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_defa6908&ch=SBX&cid=_whitepaper_14.500005778&_mc=_whitepaper_14.500005778)* [5 Essential Insights into Generative AI for Security Leaders](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_senu26&ch=SBX&cid=_whitepaper_14.500005772&_mc=_whitepaper_14.500005772)* [How to Use Threat Intelligence to Mitigate Third-Party Risk](https://dr-resources.darkreading.com/c/pubRD.mpl?secure=1&sr=pp&_t=pp:&qf=w_cybo172&ch=&cid=_whitepaper_14.500005744&_mc=_whitepaper_14.500005744)[More Whitepapers](/resources?types=Whitepaper)

Related Tags:
NAICS: 519 – Web Search Portals

Libraries

Archives

Other Information Services

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 51 – Information

Blog: Dark Reading

Phishing

Software Discovery: Security Software Discovery

Software Discovery

Screen Capture

Associated Indicators: