Windows 11 Copilot Actions: The Power and Peril of AI Accessing Local Files
Microsoft has begun testing a new Copilot Actions feature in Windows 11. This experimental mode, available to Windows Insider participants in Copilot Labs, enables artificial intelligence to perform operations with local files and applications.
Copilot Actions expands upon the web-based version introduced in May, when Copilot could book tables, order groceries, and carry out other browser-based tasks. Now, the system integrates directly into Windows—opening and editing documents, managing applications, and executing repetitive tasks at the user’s request.
According to Microsoft’s blog, Copilot Actions is built on the agent-based system architecture described in the AI Agents for Beginners project. Such agents interact with the operating system much like a human would—clicking, typing, and scrolling, guided by vision and reasoning.
Microsoft notes that these new capabilities introduce potential security risks. Among them is cross-prompt injection (XPIA), where malicious content embedded in a document or interface can alter an agent’s behavior, leading to data leaks or the installation of malicious software.
To mitigate these risks, Microsoft has implemented an isolated environment called the agent workspace. Within it, Copilot operates independently from the user—under a separate account, with limited privileges and its own virtual desktop. All actions are logged, and permissions can be revoked at any time.
The feature is disabled by default and must be manually activated via Settings → System → AI components → Agent tools → Experimental agentic features. In its test phase, Copilot can access only standard folders—Documents, Downloads, Desktop, and Pictures—while any other data requires explicit user approval.
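The default-folder rule above can be sketched as a default-deny path check. This is an added illustration, not Microsoft's implementation or code from the original article; `decide`, `profile` and `approved` are hypothetical names, and the sample paths are constructed.

```python
import ntpath  # Windows path rules, usable on any OS

# Folders the article lists as reachable by default in the test phase.
DEFAULT_FOLDERS = ("Documents", "Downloads", "Desktop", "Pictures")


def canon(path):
    """Collapse '..', '.', and '/' separators, then fold case."""
    return ntpath.normcase(ntpath.normpath(path))


def is_within(path, root):
    """True if path is root or lies beneath it (both already canonical)."""
    return path == root or path.startswith(root.rstrip("\\") + "\\")


def decide(requested, profile, approved=()):
    """Return 'allow' or 'needs_approval' for one file request.

    profile  -- the user's profile directory (assumed input)
    approved -- extra folders the user explicitly approved (assumed input)
    """
    # Relative, UNC and device paths never match a default folder.
    if not ntpath.isabs(requested) or requested.startswith(("\\\\", "//")):
        return "needs_approval"
    target = canon(requested)
    roots = [canon(ntpath.join(profile, name)) for name in DEFAULT_FOLDERS]
    roots += [canon(folder) for folder in approved]
    if any(is_within(target, root) for root in roots):
        return "allow"
    return "needs_approval"  # default deny


# Caveat: this is string canonicalization only. A real enforcement point must
# also resolve junctions and symlinks on the live filesystem before comparing.

if __name__ == "__main__":
    home = r"C:\Users\alice"  # constructed sample profile
    for sample in (r"C:\Users\alice\Documents\report.docx",
                   r"C:\Users\alice\Documents\..\AppData\Roaming\x.dat",
                   r"C:\Users\alice\DocumentsBackup\x.txt"):
        print(sample, "->", decide(sample, home))
```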
Microsoft emphasizes that all agents must be signed by trusted publishers and operate in accordance with the Responsible AI Standard and Microsoft Privacy Statement. The development of Copilot Actions is aligned with the Secure Future Initiative, which aims to strengthen Windows security in the age of autonomous agent systems.
A more detailed presentation of the feature is expected at Microsoft Ignite 2025 in November.