Windows 11 Recall Feature Still Leaking Sensitive Data: New Tests Reveal Dangerous Gaps in Microsoft’s AI Filter

Introduction: Privacy Nightmare or AI Innovation Gone Wrong?

Microsoft’s AI-powered Recall feature for Windows 11 was hailed as a futuristic breakthrough — an intelligent search assistant capable of remembering everything you’ve done on your PC by taking automatic screenshots of your activity. But from the moment it was announced, Recall has been plagued by criticism, especially concerning its ability (or failure) to protect users’ sensitive personal data. A new in-depth report by Avram Piltch, published on The Register, has just added more fuel to the fire, exposing critical lapses in the feature’s security mechanisms — and it’s worse than many expected.

While Recall has technically improved since its preview version, the filter responsible for blocking out personal information still makes inexcusable mistakes, ranging from logging credit card entries to capturing banking details and even password lists. The test, carried out using a Lenovo Yoga Slim 7x Copilot+ PC, highlights that AI alone isn’t enough to protect privacy, especially when the system can’t consistently recognize unlabelled or partially obscured sensitive content.

Let’s break down what the article uncovered and what these findings really mean for Microsoft, for Windows users — and for the future of AI-assisted operating systems.

Summary: Recall Still Can’t Be Trusted With Your Private Data

Recall is a Windows 11 feature built into Copilot+ PCs that uses AI and screenshots to let users perform natural language searches of their PC activity. However, despite being marketed as safe and private, new tests show Recall still struggles to identify and block sensitive data effectively.

In testing by tech journalist Avram Piltch, Recall was put through multiple real-world and simulated scenarios. Sometimes, the filter worked — for example, it blocked screenshots containing the words “payment info” or “password.” But when those labels were removed, the AI often failed to detect that the same content was private. This included:

- Capturing a fake credit card entry form once labels were omitted.
- Grabbing a text file full of (fake) usernames and passwords unless the word “password” was in it.
- Taking screenshots of a banking website, including account balances and deposits (though account numbers were blocked).
- Recording PayPal logins that exposed usernames but not passwords.
- Failing to recognize and block a partially obscured passport photo, even though sensitive information was visible.

Even though Recall has improved since its preview phase — where even more data leaked — the current version is still not good enough. Critics, including Piltch, note that attackers who gain local or remote access could exploit Recall’s archives, potentially leading to major privacy breaches. Microsoft itself admits the feature is still in testing, and it’s disabled by default, but these flaws highlight serious risks.

The broader concern: Recall’s AI filter depends heavily on explicit labels or clear formats to detect sensitive data, which is wildly unrealistic in today’s diverse digital environment. As it stands, Recall could be storing information that users believed was private and protected — until it isn’t.

🧠 What Undercode Says:

The fundamental issue with Windows

The first major concern is the dependency on labels like “password” or “checkout.” The AI is not analyzing content for what it means — it’s looking for key phrases, a tactic prone to failure. Credit card fields, for instance, don’t always follow a standard structure. Many shopping platforms use custom fields or scripts that don’t say “payment” anywhere, and Recall misses these entirely.
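To make the label-dependency problem concrete, here is an added illustration that is not from the article and not Microsoft's implementation: a trigger-phrase filter of the kind the article describes, beside a content-based check that validates candidate card numbers with the Luhn checksum, both run over constructed screenshot-OCR text. The sample strings and trigger words are assumptions chosen for the demonstration.

```python
import re

# Constructed OCR-style text for three hypothetical screenshots (not from the
# article's tests): a labelled checkout, the same form with labels stripped,
# and a harmless order page containing a 16-digit tracking number.
SAMPLES = {
    "labelled_checkout": "Payment info\nCard number 4111 1111 1111 1111\nExp 12/27",
    "unlabelled_checkout": "Step 3 of 4\n4111 1111 1111 1111\n12/27  CVV ***",
    "order_summary": "Order #4111 shipped. Tracking 1234 5678 9012 3456",
}

# Assumed trigger phrases for the label-dependent filter.
KEYWORDS = ("password", "payment", "credit card", "checkout")

# 13 to 19 digits, optionally separated by spaces or dashes, not part of a
# longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def keyword_filter(text: str) -> bool:
    """Label-dependent check: blocks only if a trigger phrase is present."""
    lower = text.lower()
    return any(k in lower for k in KEYWORDS)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers (rejects most random runs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def content_filter(text: str) -> bool:
    """Content-based check: flags any Luhn-valid card-length digit sequence,
    whether or not a label such as 'payment' appears anywhere on screen."""
    for candidate in CARD_RE.findall(text):
        if luhn_ok(re.sub(r"\D", "", candidate)):
            return True
    return False


def compare(samples=SAMPLES):
    """Return {name: (blocked_by_keywords, blocked_by_content)} per sample."""
    return {name: (keyword_filter(t), content_filter(t)) for name, t in samples.items()}
```

Only the labelled form trips the keyword filter, while the content check catches the unlabelled form and still passes the order page, whose tracking number fails the Luhn test.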

Secondly, the partial visibility loophole is alarming. If just one app window overlaps a passport or sensitive image, Recall assumes it’s okay to snapshot it. That’s a major design flaw — the system should treat any recognizable fragment of a sensitive image as off-limits, even if obscured.

Let’s not forget the real-world consequences of this kind of slippage. With the rise in targeted malware and insider attacks, an archive like Recall’s, sitting on a PC, is a honeypot for data thieves. Even if only 10% of data slips through the cracks, that’s more than enough to compromise someone’s identity or finances.

Even Microsoft’s own defense — that Recall is disabled by default — doesn’t solve the problem. Once it’s enabled, the user might assume it’s secure, especially given Microsoft’s branding. But this false sense of security could be the most dangerous part of all.

Microsoft also claims users can report issues to improve the feature. But that effectively outsources quality assurance to the public, putting users at risk during the process.

Lastly, let’s talk about need. Most users aren’t clamoring for AI-powered memory of everything they do on their PC. If anything, the current digital climate demands more forgetfulness, more privacy by default — not the opposite. This push to inject AI into everything feels more like a corporate agenda than a user demand.

Until Recall can guarantee ironclad privacy — which seems unlikely without a radical redesign — this is one AI feature that’s better left turned off.

🔍 Fact Checker Results

✅ Recall does exclude some sensitive data — like account numbers and passport images — when clearly identifiable.

❌ It fails when labels are missing or partial visibility exists, exposing private information.

❌ Microsoft acknowledges known flaws but still releases Recall as a preview, exposing early adopters to risk.

📊 Prediction:

Expect this story to grow. With Recall still in testing and Microsoft pushing Copilot+ PCs as its flagship hardware, future disclosures will likely reveal even more privacy failures. Government watchdogs and privacy advocates may soon demand stricter regulations or oversight on AI features embedded deep into consumer operating systems. Meanwhile, trust in Windows 11’s AI ecosystem could erode, forcing Microsoft to either radically redesign Recall — or phase it out altogether.

If the current pattern holds, the Recall backlash may become another Cortana moment — a once-hyped feature that ends in quiet retirement after widespread criticism and user apathy.


References:

Reported By: www.techradar.com