Microsoft is updating Windows 11 to support agentic artificial intelligence features that allow software agents to perform tasks inside the operating system based on simple user commands. The company says these agents can take actions such as opening a web browser, searching for a service, and entering payment and address details on behalf of the user. The capability appears in Windows 11 Build 26220.7262 as a new toggle hidden in Settings > System under an ‘Artificial intelligence components’ section and is optional and manually enabled by users.
When users enable the setting, Microsoft displays a clear warning: ‘These features are still being tested and may impact the performance or security of your device.’ The company highlights security as the primary concern for agentic functionality. Because the agents can interact with web content and local interfaces automatically, Microsoft and reporting outlets flag potential attack vectors that did not exist in the same way before these features were introduced. The feature is experimental and presented as an opt-in toggle labeled ‘experimental agentic features’ in the build noted by reporting from Windows Latest.
One specific class of vulnerability called cross-prompt injection is described as particularly problematic. In these attacks, malicious directives are concealed inside ordinary documents, interface elements, or web content so that the agent reinterprets or overrides its original instructions and carries out unintended actions. Consequences include the agent installing malware, transmitting sensitive data such as credit card information and addresses to third parties, and other unauthorized operations. The article underscores that these risks are inherent to making agents more capable within the operating system and that users must enable the experimental features deliberately, accepting the stated security trade-offs.
