prompt injection Archives

Winsage

December 11, 2025

Microsoft’s Latest ‘Patch Tuesday’ Update Fixes These Three Zero-Days

Microsoft's December Patch Tuesday update addresses three critical zero-day vulnerabilities and a total of 56 bugs, including: - 28 elevation-of-privilege vulnerabilities - 19 remote-code-execution vulnerabilities - 4 information-disclosure vulnerabilities - 3 denial-of-service vulnerabilities - 2 spoofing vulnerabilities Three remote code execution flaws are classified as "critical." One zero-day vulnerability, CVE-2025-62221, allows attackers to gain SYSTEM privileges through the Windows Cloud Files Mini Filter Driver. The other two vulnerabilities fixed are: - CVE-2025-64671: A remote code execution vulnerability in GitHub Copilot for Jetbrains, exploitable via Cross Prompt Injection. - CVE-2025-54100: A PowerShell remote code execution vulnerability that can execute scripts from a webpage using Invoke-WebRequest. CVE-2025-62221 is attributed to MSTIC and MSRC, CVE-2025-64671 was disclosed by Ari Marzuk, and CVE-2025-54100 was identified by multiple security researchers.

Winsage

December 8, 2025

Microsoft’s AI Push in Windows Raises Privacy and Trust Concerns

Microsoft has integrated artificial intelligence (AI) into various components of its ecosystem, including the Windows operating system and productivity applications like Office and Teams. This integration has raised privacy concerns, particularly regarding features like Recall, which captures user activities. Microsoft postponed the rollout of Recall due to backlash over potential security risks. AI-driven advertisements and suggestions have also blurred the line between helpful tools and intrusive marketing, leading to debates about data ownership and ethical implications. Critics argue that Microsoft’s AI efforts do not align with user expectations and amplify privacy risks, especially with data collection practices in Bing and Edge browsers prompting regulatory scrutiny. Despite significant investments in AI, there are challenges in monetizing these advancements, as indicated by adjustments to sales growth targets. Microsoft has faced internal concerns about overbuilding infrastructure and the financial viability of scaling AI resources. While developers find promise in AI tools like Visual Studio and GitHub Copilot, which enhance workflows, there are associated risks such as security vulnerabilities. Microsoft acknowledges these dangers and advises caution among insiders testing new features. The company’s philosophical stance on AI emphasizes ethical development aligned with human values, although critics express concerns about the potential risks of rapid deployment without adequate safeguards. For customers, Microsoft’s focus on AI has led to frustrations due to bugs introduced by AI experiments and the unreliability of AI agents in enterprise settings. The company’s partnership with OpenAI aims for AI dominance, but questions remain about the technology's appeal to the masses. Microsoft must balance innovation with user-centric design while addressing privacy, security, and ethical concerns to maintain its leadership position in the AI landscape.

Winsage

December 1, 2025

Microsoft confirms that its new AI agent in Windows 11 hallucinates like every other chatbot and poses security risks to users

Microsoft has introduced agentic AI capabilities for Windows 11 through the 26220.7262 update, aligning with the trend of using large language models to enhance user experiences. The company has warned about potential risks associated with these new features, including the possibility of "hallucinations" and "novel security risks," specifically highlighting a vulnerability known as cross-prompt injection (XPIA). This flaw could allow malicious content to override agent instructions, leading to unintended actions like data exfiltration or malware installation. Microsoft’s move to integrate these AI features reflects a response to competitive pressures in the tech industry, despite the known flaws and security vulnerabilities associated with them.

Winsage

December 1, 2025

Microsoft Warns: Windows 11 Agentic Features May Hallucinate

Windows 11 will introduce "Experimental agentic features" with the installation of Build 26220.7262, which users must manually enable. These features are in an experimental phase and may affect device performance. Microsoft warns of potential security vulnerabilities, particularly from emerging attack techniques like cross-prompt injection, which can lead to harmful commands being executed. The agents operate within an "Agentic Workspace" with scoped, auditable accounts, but unlike Windows Sandbox, they persist across sessions, increasing the attack surface. By default, agents have read and write access to common folders, which presents additional vulnerabilities. Microsoft is working on improving security measures, including more granular permissions and defenses against prompt injection.

Winsage

December 1, 2025

Microsoft says AI agents are “risky”, but it’s moving ahead with the plan on Windows 11

Microsoft is integrating AI agents into Windows 11, despite acknowledging risks such as hallucinations, unpredictable behavior, and vulnerabilities to cyber threats like Cross Prompt Injection (XPIA). The company plans to transform every Windows 11 PC into an AI-powered machine by introducing features like Copilot Voice, Copilot Vision, and Copilot Actions. The Windows 11 taskbar will feature a new "Ask Copilot" interface for users to interact with AI agents. These agents will operate under separate accounts with limited permissions, controlled folder access, and tamper-evident logs, but still have access to personal folders like Documents and Downloads. The Agent Workspace is a key feature that allows AI agents to perform tasks in a controlled environment, separate from the user's session. Agents can interact with applications and execute multi-step tasks while being monitored. Microsoft employs the Model Context Protocol (MCP) to regulate agent interactions with applications, ensuring security and proper permissions. Despite concerns over privacy and security, Microsoft believes that integrating AI is essential for keeping Windows competitive. The company has faced backlash over previous features like Recall, which raised privacy issues, and must work to rebuild trust with users. The experimental AI features are currently optional, and Microsoft aims to demonstrate their value to encourage acceptance.

AppWizard

November 30, 2025

Signal’s president warns AI agents are an existential threat to secure messaging apps

Meredith Whittaker, president of Signal, expresses strong concerns about the rise of AI agents, describing them as an “existential threat” to secure messaging platforms and app developers. AI agents require access to sensitive information, creating new vulnerabilities that can be exploited by cybercriminals. Whittaker points out the risk of prompt injection attacks, which can manipulate AI to execute harmful actions, leading to data breaches. She argues that unrestricted access to user communications by AI agents poses a significant risk to privacy and security, undermining the foundational security of the internet. Whittaker criticizes the reckless implementation of AI by Big Tech companies, suggesting it compromises cybersecurity in favor of rapid deployment and financial pressures.

Winsage

November 30, 2025

Microsoft Issues Warning To Windows 11 Users – This AI Feature Can Install Viruses

Microsoft is transitioning to Windows 11 with the introduction of an "agentic OS," featuring experimental components called Agent Workspace, currently available to select Windows Insiders. These agentic features will be disabled by default due to potential security risks, including cross-prompt injection (XPIA) that could allow unauthorized access to user files. When activated, agent accounts can access the user profile directory, which raises concerns about data exfiltration and malware installation. The AI applications, including Copilot, will have visibility into the entire display, prompting users to consider privacy implications. Agent workspaces are designed to provide scoped authorization and runtime isolation, allowing users to manage access to files while using their devices. However, initial user reactions have been mixed, with ongoing concerns about security and functionality.

Winsage

November 20, 2025

Sure, Why Not: Windows 11 AI Agents Might Install Malware On Your PC

Microsoft's recent update highlights the risks associated with its new "Experimental Agentic Features" in AI, which are designed to interact with user applications and files. These AI agents can perform complex tasks but may also produce unexpected outputs and introduce security risks, such as cross-prompt injection (XPIA), leading to potential data exfiltration or malware installation. While Microsoft emphasizes the need for human oversight in AI-generated decisions, concerns about data integrity and system safety persist. The term "hallucinations" is used to describe instances of erroneous outputs from AI, suggesting a broader issue within generative AI technology. Currently, Windows 11’s agentic workspace feature is disabled by default, but the long-term status of this safeguard is uncertain as Microsoft integrates AI further into its products.

Winsage

November 19, 2025

Critics scoff after Microsoft warns AI feature can infect machines and pilfer data

User safety measures in AI security depend on user engagement with dialog windows that outline risks and require consent. However, users may not fully understand these prompts or may become habituated to clicking "yes," which diminishes the effectiveness of security measures. Earlence Fernandes, an AI security professor, highlighted that reliance on user interaction can compromise security boundaries. The rise of "ClickFix" attacks illustrates vulnerabilities when users are misled, and factors like user fatigue or emotional distress can lead to mistakes. Critics argue that companies like Microsoft use warnings more as legal safeguards than genuine protective measures, shifting liability to users. This concern extends to other major tech companies, which often change AI features from optional to default settings without user consent.