Home users of Microsoft Windows corporations have received clarification regarding how AI agents in Windows 11 will handle personal files. The main point is that they will not be granted access to documents, desktop files, and downloads without user consent. This pertains to six Windows directories: Desktop, Documents, Downloads, Music, Pictures, and Videos. As confirmed by Microsoft, the AI by default lacks entry to these folders and must request user approval. Furthermore, permissions can be configured separately for each agent—be it Copilot, Researcher, or Analyst. These clarifications arrived following a flurry of inquiries and critique surrounding the vigorous promotion of AI agents within Windows. In recent weeks, Microsoft has been actively preparing “agentic” scenarios—AI that can interact with files, applications, and system settings. However, the company itself admits that AI models might make errors, hallucinate, and introduce novel security risks. As noted by Windows Latest, on December 5th, Microsoft revised the documentation for experimental features in Windows 11 insider builds (starting with build 26100.7344). It explicitly states: AI agents are an optional feature, and even after enabling them, file access without express user permission is impossible. How will this function operationally? If an agent requires entry to personal folders, Windows will display a pop-up window offering a choice: allow always; ask every time; disallow entirely. Moreover, rights are defined at the agent level, not for the entire system. Yet, there is a subtlety: selecting individual folders is not possible—permission is granted for all six at once or none. To manage all this, a distinct settings section will emerge in Windows 11. Accessing it is possible via Settings → System → AI components → Agents, where file access settings and the so-called Agent Connectors are available for every AI agent. The latter operate via the MCP (Model Context Protocol) and permit the AI to interface, for example, with File Explorer or system settings—also strictly upon user authorization. Simultaneously, Microsoft highlights an important detail: AI accounts have access only to folders open to all authenticated users. Directory locations accessible only to a specific user will remain locked unless the user explicitly grants entry via the relevant dialog box. All these mechanisms are currently only accessible in preview builds of Windows 11 24H2 and 25H2. When they will appear in stable versions—Microsoft has not specified. Nor has it addressed another awkward question: when will AI cease to hallucinate and generate new vulnerability types, such as prompt injection?
About the Author
