“The vault is solid, the delivery truck is not” — strong key storage, shaky transfer: why this Windows Recall feature raises new security questions
April 20, 2026
Windows Recall has reemerged in the spotlight, but not for the reasons Microsoft had hoped. Initially unveiled in 2024, this AI-driven tool was designed to capture snapshots of users’ screens at regular intervals and utilize on-device AI to analyze and categorize that content. The promise was enticing: a natural language search capability that would allow users to find anything they had ever done on their computers with ease.
However, the journey to broad availability has been fraught with challenges. Following its announcement, Microsoft postponed the rollout for over a year in response to significant security concerns raised by cybersecurity experts. The tool was labeled a potential security nightmare, raising alarms about its vulnerability to hacking.
Security Measures and Concerns
When Windows Recall finally launched in April 2025, it came equipped with enhanced security features. Notably, it was isolated within a “VBS Enclave,” rendering it unreadable to third-party applications. Additionally, the system was designed to filter out sensitive information such as passwords and credit card details. Despite these measures, the tool’s architecture has raised eyebrows.
Security researcher Alexander Hagenah pointed out a critical flaw: once a user authenticates, Windows Recall data is transmitted to a separate process known as AIXHost.exe, which lacks the same level of security as the main tool. This has led to the development of a tool named TotalRecall Reloaded, which can inject a DLL file into AIXHost.exe without requiring administrative privileges. This means that sensitive data, including snapshots and OCR’d text, can be accessed even after a user has ceased using Windows Recall.
The VBS enclave won’t decrypt anything without Windows Hello. The tool doesn’t bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it.
Moreover, TotalRecall Reloaded can retrieve recent snapshots, gather metadata from the Recall database, and even delete the entire database without the need for Windows Hello authentication. Although this vulnerability was reported to Microsoft’s Security Response Center in March, the company classified the issue as “not a vulnerability” and indicated that no significant plans were in place to address it.
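A defender-side check for the injection path described above, as an added example that is not from the article or from the researcher's tool: it triages Sysmon Event ID 7 (image load) records for modules loaded into AIXHost.exe that are unsigned, signed by an unexpected publisher, or loaded from outside expected Windows directories. The event records, the AIXHost.exe path, the signer allow-list and the directory list are constructed assumptions, and image-load logging must be enabled in the Sysmon configuration.

```python
import ntpath

TARGET = "aixhost.exe"  # process named in the article
# Assumptions for this example: publishers and directories treated as expected.
TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\systemapps\\")

# Constructed Sysmon Event ID 7 records, reduced to the fields used below.
AIX = r"C:\Windows\SystemApps\ExamplePackage\AIXHost.exe"  # constructed path
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": AIX, "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": AIX,
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"EventID": 7, "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"EventID": 7, "Image": AIX, "ImageLoaded": r"C:\Windows\System32\vendor.dll",
     "Signed": "true", "Signature": "Example Vendor Ltd", "SignatureStatus": "Valid"},
]


def suspicious_reasons(event):
    """Return the reasons an image load into AIXHost.exe deserves review."""
    if event.get("EventID") != 7:
        return []
    if ntpath.basename(event.get("Image", "")).lower() != TARGET:
        return []
    reasons = []
    signed = event.get("Signed", "false").lower() == "true"
    if not signed or event.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or invalid signature")
    elif event.get("Signature") not in TRUSTED_SIGNERS:
        reasons.append("unexpected signer")
    # normpath collapses ".." so a path cannot merely start inside a trusted directory
    loaded = ntpath.normpath(event.get("ImageLoaded", "")).lower()
    if not loaded.startswith(TRUSTED_DIRS):
        reasons.append("loaded from outside trusted directories")
    return reasons


def triage(events):
    """Return (module path, reasons) for every flagged event."""
    flagged = []
    for event in events:
        reasons = suspicious_reasons(event)
        if reasons:
            flagged.append((event["ImageLoaded"], reasons))
    return flagged
```

The signer and directory allow-lists should be baselined from the modules AIXHost.exe loads on a known-clean machine before the check is used for alerting.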
In light of user backlash, Microsoft has begun to reassess its AI initiatives within Windows 11, including scaling back features like Copilot. Windows Recall itself is under review, suggesting that a transformation may be on the horizon. Meanwhile, privacy-centric organizations such as Brave, Signal, and AdGuard for Windows have introduced features to block Windows Recall from capturing screen snapshots.
As the conversation around user privacy and security continues to evolve, it is clear that Microsoft faces mounting pressure to enhance its security protocols. Experts advocate for a halt to automatic recovery handoffs until a more secure transfer path is established, alongside a transparent threat model and mitigation strategy. Users deserve the ability to opt out of features that may compromise their security—anything less would be a disservice to their trust.
Do you use Windows Recall on Windows 11? Let me know in the comments.