Platform-Wide AI and Enterprise Security: The Recall Issue

Whenever an AI product due for rollout is delayed suddenly, many questions begin circulating in the media. The official reasoning why will open the floodgates of many people online spouting their ideas of what the problem has been.

Microsoft has recently revealed the delay of their controversial artificial intelligence (AI) powered Recall feature for Copilot+PCs. Microsoft’s official reasoning was to shift from general availability to a preview available first in the Windows Insider Program (WIP) to ensure the experience meets the high standard for security and quality.

Recall Planned Release

First unveiled in May, Recall was planned for a broad release in mid-June, 2024, but was met with wide controversy and derided as a privacy and security risk – a bullseye target for threat actors looking for access to sensitive data.

The feature was developed to enable screenshotting of everything users do on a PC and use them as a searchable database through an on-device AI model. Microsoft was extremely secretive about Windows Recall throughout its development, opting not to perform public testing as part of the Windows Insider Program. The backlash would prompt Redmond to make Recall an opt-in feature and implement other security changes that would require users to authenticate through Windows Hello to be able to view any content.

Redmond also would state that the feature would be protected by ‘just in time’ decryption, ensuring any snapshots are only decrypted and accessible when authenticated by biometrics or a PIN.

Immediate Delay

The delay trailed the testimony to Congress House Committee on Homeland Security by Microsoft President Brad Smith, documenting the company’s lapses in security following high-profile data breaches by Chinese and Russian state hackers.

Microsoft committed to prioritizing security issues over its AI development. The delay in Recall has fueled the growing scrutiny and caution around the many deployments of AI capabilities in enterprises, with many battling the balance of innovation and responsible and trustworthy use.

Experts were quick to label Recall a disaster after it was tested by cybersecurity specialist Kevin Beaumont. Warning that hackers would have access to sensitive information that gets stored in the Recall database, it was suggested that IT teams deselect Windows Recall on Windows 11 devices for six months so it can be re-evaluated.

The AI software does have a lot of potential, but the priority comes with the security concerns it poses at the earliest stage.

For more information on enterprise security and future cybersecurity conferences, check out the upcoming events from Whitehall Media.