Microsoft announced the Recall AI feature on Windows 11 to much fanfare at the recent Surface event. It's the superior AI feature coming to Windows 11 version 24H2 and launching exclusively on Copilot+ PCs, powered by Snapdragon X-series processors. Microsoft says recall processing is done locally on the device using the dedicated NPU. And the Recall vector database is encrypted with BitLocker.

However, Kevin Beaumont, a security researcher, points out that the rollback feature is a security disaster. He says the local Recall database can be easily hacked by malicious actors. The vector index is actually a SQLite database, saved in the "AppData" folder. The researcher further shows that the Recall database can also be viewed in plain text. Microsoft told the media that a hacker cannot remotely exfiltrate Copilot+ Recall activity. Reality: how do you think hackers will exfiltrate this raw database of everything the user has ever seen on their computer? Very easy, I have it automated.HT detective pic.twitter.com/Njv2C9myxQ — Kevin Beaumont (@GossiTheDog) May 30, 2024

Microsoft told the media that a hacker cannot remotely exfiltrate Copilot+ Recall activity. Reality: how do you think hackers will exfiltrate this raw database of everything the user has ever seen on their computer? Very easy, I have it automated.HT Detective pic.twitter.com/Njv2C9myxQ — Kevin Beaumont (@GossiTheDog) May 30, 2024

Not only that, Beaumont mentions in his blog that the database can also be accessed by another user on the same PC, which is a big problem. He goes on to say that BitLocker encryption only helps if someone steals your laptop and tries to access the Recall database.