Microsoft Copilot Actions for Windows 11 adds isolated, signed AI agent controls
Security Tool/Service
Summary
Microsoft is rolling out Copilot Actions for Windows 11, adding isolated AI-agent controls that reduce risk when agents act on local files and applications. The feature begins with Windows Insiders in Copilot Labs and is turned off by default. Microsoft says each agent runs under a distinct standard account in a separate Agent Workspace, and that agents are digitally signed so that compromised certificates can be revoked. The rollout matters because it brings agentic AI into the desktop with explicit privilege, isolation, and monitoring guardrails.
Related Happenings
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy
Campaign
First: 06.05.2026 16:02
Last: 06.05.2026 16:02
Sources 1
About this happening:
The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...
Microsoft Teams remote assistance abuse mitigation
Advisory/Mitigation
First: 20.04.2026 18:11
Last: 20.04.2026 18:11
Sources 1
About this happening:
**Microsoft** issued mitigation guidance to curb **Teams-adjacent remote assistance abuse**, warning that external contacts should be treated as untrusted and that **remote assist...
External Microsoft Teams helpdesk-impersonation campaign
Campaign
First: 20.04.2026 18:11
Last: 20.04.2026 18:11
Sources 1
About this happening:
A **campaign** abusing **external Microsoft Teams collaboration** is letting attackers impersonate **IT/helpdesk staff**, gain remote access, and stage **targeted data exfiltratio...
Microsoft Windows April 2026 protections for malicious .rdp files
Security Tool/Service
First: 15.04.2026 01:23
Last: 15.04.2026 01:23
Sources 1
About this happening:
**Microsoft** shipped **April 2026 cumulative updates** for **Windows 10** and **Windows 11** that add warnings and disable risky shared resources by default when users open **.rd...
Timeline
16.10.2025 16:00
Copilot Actions rollout to Windows Insiders
Initial Disclosure: Microsoft introduced Copilot Actions for Windows 11, a Copilot feature that lets AI agents perform tasks on local files and applications. The rollout is planned first for Windows Insiders in Copilot Labs, and the feature is turned off by default. Each agent uses its own standard account and an isolated Agent Workspace implemented as a Windows Remote Desktop child session, with access to standard data folders controlled by Windows access control lists (ACLs). Agents are cryptographically signed so that compromised or malicious certificates can be revoked.
- Microsoft debuts Copilot Actions for agentic AI-driven Windows tasks — www.bleepingcomputer.com — 16.10.2025 16:00