April 17, 2026 Microsoft’s Recall feature for Copilot+ PCs is again under scrutiny after a researcher demonstrated a way to extract user activity data once the system is unlocked. The finding comes nearly a year after Microsoft delayed the feature and rebuilt its security following earlier criticism over unencrypted data storage.

Recall was introduced as part of Microsoft’s push to use on-device AI via neural processing units (NPUs), allowing PCs to capture screenshots of user activity and make it searchable over time. The feature was meant to run locally to improve privacy, but its original implementation stored screenshots and activity logs in unencrypted files, making it easy to access sensitive data.

After backlash from journalists and security researchers, Microsoft reworked the feature. Stored data is now encrypted, access requires Windows Hello authentication, sensitive content such as financial information is filtered, and Recall is turned off by default. The company positioned these changes as a significant security upgrade.

The latest issue centres on how Recall data is handled after authentication. Security researcher Alexander Hagenah, who previously created the “TotalRecall” tool, released an updated version called “TotalRecall Reloaded.” He argues the weakness is not in the encrypted database itself, which he described as “rock solid,” but in a downstream system process called AIXHost.exe that receives decrypted data.

“The vault is solid. The delivery truck is not,” Hagenah wrote. 

The tool injects a DLL into AIXHost.exe without requiring administrator privileges and waits for the user to unlock Recall. Once authenticated, it can intercept screenshots, OCR text, and metadata as they are passed to the process. Hagenah said the interception can continue even after the user closes Recall, and that both newly captured and previously stored data can be accessed once the system is unlocked.

Some limited actions, including retrieving the most recent screenshot, capturing certain metadata, and deleting the Recall database, can also be performed without Windows Hello authentication, according to the researcher’s findings.

Microsoft has said it does not consider the behaviour a security vulnerability. After reviewing the report, the company classified it as “not a vulnerability,” stating that the access patterns are “consistent with intended protections and existing controls” and do not represent a bypass of security boundaries. Microsoft added that safeguards such as authentication timeouts and anti-hammering protections are in place.

Despite the technical classification, the broader risk remains tied to the volume of data Recall collects. The feature can record large portions of a user’s activity, including emails, messages, and web usage. Anyone with access to the device and the user’s Windows Hello fallback PIN could potentially access that dataset.

The design has prompted some developers to act independently. Apps such as Signal have opted out of Recall by default using system flags intended for DRM-protected content, while tools like Brave and AdGuard have implemented similar protections to prevent their data from being captured.