A new tool called TotalRecall Reloaded, developed by cybersecurity researcher Alexander Hagenah, has raised fresh security concerns about Microsoft’s Windows Recall feature. His findings highlight ongoing risks in how Recall handles sensitive user data.
Recall is an AI-powered feature that takes regular snapshots of a user’s screen so that people can search through their past activity. However, Hagenah’s updated tool can run quietly in the background, and it gains access to stored Recall data once a user logs in using Windows Hello.
Microsoft had earlier redesigned Recall after facing heavy criticism. The company added stronger protections, including encryption, secure enclaves, and biometric authentication. Microsoft claimed these changes would prevent malicious software from accessing user data after login.
Despite these improvements, Hagenah says the protections do not work completely as intended. He explains that the secure storage remains strong. However, the boundary controlling data access breaks down too early. As a result, the tool can follow the authentication process and retrieve stored information.
The data collected by Recall goes far beyond simple screenshots. It includes on-screen text, messages, emails, documents, browsing history, timestamps, and AI-generated context. This creates a highly detailed record of user activity.
Hagenah shared his findings with Microsoft in March 2026. He also provided technical details and code. According to him, Microsoft reviewed the report but did not treat it as a security issue. The company stated that the behaviour matches the intended system design.
Microsoft further explained that time limits and restrictions on repeated access help reduce risks. However, Hagenah disagrees. He argues that these safeguards can still be bypassed.
Reports suggest the problem lies in how Recall delivers decrypted data to other processes after authentication. While the storage itself stays secure, the way data is presented afterward may leave it vulnerable.
Hagenah acknowledged that several parts of the redesigned Recall security are robust. He praised the encryption and authentication model. Still, he believes further improvements are necessary in how data is handled once it leaves the secure environment.
This development once again puts the spotlight on the balance between useful AI features and user privacy. As Recall continues to roll out on Copilot+ PCs, both users and experts will watch closely to see how Microsoft addresses these ongoing concerns.
