Security Researchers Uncover Vulnerabilities in Windows Recall as TotalRecall Tool Bypasses Protection Layers

New research reveals Windows Recall snapshots can be extracted via AIXHost.exe, raising alarms despite Microsoft’s refusal to label it a vulnerability.

By: AXL Media

Published: Apr 16, 2026, 4:24 AM EDT

Source: Information for this report was sourced from Windows Report


Architectural Weaknesses in Artificial Intelligence Data Rendering

The controversial Windows Recall feature is facing renewed scrutiny following evidence that its data delivery pipeline lacks basic process-level safeguards. Security researcher Alexander Hagenah has identified significant architectural gaps in the AIXHost.exe process, which renders Recall data for display. According to the research, this process runs without Protected Process Light (PPL), without AppContainer isolation, and without strict code integrity enforcement. Any of those would raise the bar for tampering; their absence leaves a path for code already running as the signed-in user to inject into the renderer and extract sensitive snapshots.
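As an added illustration (this is my own check, not code from the article, the researcher, or the TotalRecall project), the following PowerShell queries the three properties the research says AIXHost.exe lacks: the process protection level (PPL), whether the process token is an AppContainer token, and whether the binary-signature mitigation (Microsoft-signed-only code integrity) is enforced. It calls documented Win32 APIs through P/Invoke; the function name Get-ProcessIsolationReport and the output fields are my own, and the default process name AIXHost is taken from the article.

```powershell
# Added example, not from the article or the TotalRecall project.
# Reports PPL level, AppContainer status and signature policy for a process.
if (-not ('ProcIsolation' -as [type])) {
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class ProcIsolation {
    [StructLayout(LayoutKind.Sequential)] public struct ProtInfo  { public uint ProtectionLevel; }
    [StructLayout(LayoutKind.Sequential)] public struct SigPolicy { public uint Flags; }
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool GetProcessInformation(IntPtr h, int cls, ref ProtInfo info, int size);
    [DllImport("kernel32.dll", SetLastError=true)]
    public static extern bool GetProcessMitigationPolicy(IntPtr h, int policy, ref SigPolicy buf, IntPtr len);
    [DllImport("advapi32.dll", SetLastError=true)]
    public static extern bool OpenProcessToken(IntPtr h, uint access, out IntPtr tok);
    [DllImport("advapi32.dll", SetLastError=true)]
    public static extern bool GetTokenInformation(IntPtr tok, int cls, out uint info, int len, out int ret);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr h);
}
"@
}

function Get-ProcessIsolationReport {
    param([string]$Name = 'AIXHost')   # process name from the article; no .exe suffix for Get-Process

    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000   # enough to read protection level, even on PPL processes
    $TOKEN_QUERY                       = 0x8
    $ProcessProtectionLevelInfo        = 7        # PROCESS_INFORMATION_CLASS
    $ProcessSignaturePolicy            = 8        # PROCESS_MITIGATION_POLICY
    $TokenIsAppContainer               = 29       # TOKEN_INFORMATION_CLASS

    # PROTECTION_LEVEL_* values from processthreadsapi.h; PROTECTION_LEVEL_NONE is (DWORD)-2.
    $levels = @{ '0'='WinTcb-Light'; '1'='Windows'; '2'='Windows-Light'; '3'='Antimalware-Light';
                 '4'='Lsa-Light'; '5'='WinTcb'; '6'='CodeGen-Light'; '7'='Authenticode';
                 '8'='PPL-App'; '4294967294'='None' }

    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $h = [ProcIsolation]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $p.Id)
        if ($h -eq [IntPtr]::Zero) { Write-Warning "PID $($p.Id): OpenProcess failed"; continue }
        try {
            # 1. Protected Process Light level
            $prot   = New-Object ProcIsolation+ProtInfo
            $protOk = [ProcIsolation]::GetProcessInformation($h, $ProcessProtectionLevelInfo, [ref]$prot, 4)
            $level  = if ($protOk) {
                          $key = "$($prot.ProtectionLevel)"
                          if ($levels.ContainsKey($key)) { $levels[$key] } else { "Unknown($key)" }
                      } else { 'query failed' }

            # 2. Binary signature mitigation (Flags bit 0 = MicrosoftSignedOnly, bit 1 = StoreSignedOnly)
            $sig   = New-Object ProcIsolation+SigPolicy
            $sigOk = [ProcIsolation]::GetProcessMitigationPolicy($h, $ProcessSignaturePolicy, [ref]$sig, [IntPtr]4)

            # 3. AppContainer: query the primary token
            $tok = [IntPtr]::Zero; $isAc = [uint32]0; $ret = [int]0
            $tokOk = [ProcIsolation]::OpenProcessToken($h, $TOKEN_QUERY, [ref]$tok)
            if ($tokOk) {
                $tokOk = [ProcIsolation]::GetTokenInformation($tok, $TokenIsAppContainer, [ref]$isAc, 4, [ref]$ret)
                [void][ProcIsolation]::CloseHandle($tok)
            }

            [pscustomobject]@{
                Name                = $p.ProcessName
                PID                 = $p.Id
                ProtectionLevel     = $level
                IsAppContainer      = if ($tokOk) { [bool]$isAc } else { 'query failed' }
                MicrosoftSignedOnly = if ($sigOk) { [bool]($sig.Flags -band 1) } else { 'query failed' }
                StoreSignedOnly     = if ($sigOk) { [bool]($sig.Flags -band 2) } else { 'query failed' }
            }
        } finally {
            [void][ProcIsolation]::CloseHandle($h)
        }
    }
}

# Usage: Recall only runs on supported hardware, so the function returns nothing where AIXHost.exe is absent.
Get-ProcessIsolationReport -Name 'AIXHost' | Format-Table -AutoSize
```

Run it in the session of the signed-in user while Recall is open. A renderer hardened the way the article says AIXHost.exe is not would show a named ProtectionLevel, IsAppContainer True and MicrosoftSignedOnly True; a row reading None / False / False is the configuration the research describes. The protection level can be read with PROCESS_QUERY_LIMITED_INFORMATION even for PPL processes, so the same function is useful as a control against a known protected process (run elevated when comparing against system processes, since the token query needs access to the target's token).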

The Post Authentication Extraction Window

The weakness does not depend on defeating authentication itself; it abuses the state that exists once a user has already signed in. After a Windows Hello authentication completes, malware running in the background can reach Recall snapshots. Because the system treats its own internal components as inherently trusted, the rendering process does not verify which component is actually requesting the data, which allows unauthorized background extraction.

Disparity Between Vault Security and Delivery Pipeline

While the primary Recall storage vault uses strong encryption and access controls, the investigation places the risk in the access layer rather than in the vault. The TotalRecall tool, publicly available on GitHub, has demonstrated retrieval of cached snapshots without consistently triggering the secondary security prompts that are supposed to gate access. The data may be secure at rest, but the mechanism that delivers and displays it to the user remains a significant point of failure.
