Full Report
Copilot on Windows 11 is testing OS-level integration that would allow you to share your favourite apps' screen with Copilot. [...]
Analysis Summary
# Main Topic
Testing of OS-level integration for Windows 11 Copilot, specifically enabling Copilot Vision (screen sharing) and File Search capabilities with user-accessible data.
## Key Points
- **Copilot Vision (Screen Sharing):** Allows users to share their active application screen with Copilot AI for real-time analysis, guidance, and querying (e.g., finding settings within an app).
- **Cloud Processing Implication:** The screen data processing for Copilot Vision is noted to be cloud-based, not relying on local AI models, raising potential privacy implications as Microsoft has not yet clarified data processing/encryption methods outside the testing phase.
- **File Search Capability:** Introduces the ability for users to query Copilot using natural language (e.g., "Can you find my resume?") to locate and interact with files stored on the local PC.
- **Supported File Types:** Copilot File Search can currently read contents from .docx, .xlsx, .pptx, .txt, .pdf, and .json files.
- **Availability:** Both features are currently rolling out gradually to participants in the Windows Insider Program.
## Threat Actors
- No specific threat actors, groups, or campaigns are mentioned in relation to these new features, as the context describes a pre-release software implementation by Microsoft.
## TTPs
- **T1558.003 (Credential Dumping):** (Not explicitly mentioned, but context relates to AI accessing local data, implying potential escalation risk if permissions are misused.)
- **T1003.001 (OS Credential Dumping):** (Not applicable in this context as reporting is about testing features, not exploitation.)
- **Focus:** The primary interaction methodology involves granting the Copilot service access to screen content and local file structures for AI processing.
## Affected Systems
- **Operating System:** Windows 11.
- **Users Affected:** Currently limited to Windows Insiders testing the preview builds containing these features.
- **Technologies:** Copilot AI service integrated at the OS level.
## Mitigations
- **Wait for Official Release/Privacy Documentation:** Users are advised to be aware of the privacy implications related to cloud processing of screen data until Microsoft clarifies policies upon full release.
- **Insider Program Awareness:** Users participating in the Windows Insider Program should proceed with caution regarding the data shared via Copilot Vision until full security audits and privacy details are public.
- **Control Access (General Principle):** While not explicitly stated for these features, standard security practice suggests limiting access to sensitive applications or folders before interacting with new, cloud-connected AI features.
## Conclusion
The integration of Copilot Vision and File Search represents a significant expansion of AI capabilities atop the Windows 11 operating system, granting the cloud-based service deep access to user screen activity and local documents. From a threat intelligence perspective, the immediate concern is the lack of transparency regarding data handling (processing and encryption) for sensitive information being sent off-device via Copilot Vision during this testing phase. Organizations should monitor for subsequent security advisories related to these new data flows once the features move beyond the Insider Program.