I was just thinking the other day how agentic AI is akin to letting an elderly person using a computer. You can tell it what to do, but you’ll end up with it clicking the very first link in g••gle and downloading 3 viruses and ending up with 40 new unwanted and potentially malicious browser extensions.

I assure you that your grandma does not “understand the security implications”. This is like handing out loaded guns to preschoolers and telling them not to shoot each other.

Only enable this feature if you understand the security implications.

They should put that disclaimer on their entire operating system.

Waiting for my bank to warm me that their new and mandatory AI advisor might send my savings to a nigerian prince without my or the banks knowledge. Such transactions are not insured and all risk lies with the customer of course.

Now they say only enable it if you understand the security implications, but eventually they’ll downplay the security implications and enable it by default.

“AI applications introduce novel security risks, such as cross-prompt injection (XPIA), where malicious content embedded in UI elements or documents can override agent instructions, leading to unintended actions like data exfiltration or malware installation.”

Exfiltrating data and installing malware are the tasks it was designed to do, the warning is that it might be done by someone other than Microsoft I guess.

If it’s possible to install malware with AI without you knowing about it, why on earth would they push this out as a feature?

relevant - Is Windows a virus?: http://danny.oz.au/danny/humour/windows.html

Is this a joke?!?!