Legal Practice Technology Blog

If you use Windows 11, your Law Firm is probably compromised

Frank A Rivera CEO HoudiniEsq

Is Windows 11 a risk to your Law Firm?

AI is great. Trust me, bro.

AI is being implemented into everything these days. Predictive analytics for business forecasting, automated fraud detection in finance, AI-driven diagnostics in healthcare, and of course, chatbots. These are just a few examples. A law practice is no exception. AI is transforming the industry by automating time-consuming tasks, significantly increasing efficiency in document drafting, legal research, and due diligence. AI tools help law firms stay competitive, reduce human error, and deliver faster, more cost-effective services to clients. However, AI has fallacies.

Common issues that arise in all AI systems include poor or outdated data. Garbage in results in garbage out. AI is only as good as the data it is trained on. Poor-quality, incomplete, or biased datasets lead to inaccurate responses. Inherited bias is another. Large Language Models (LLM) inherit and amplify societal biases in their data. Lack of adaptability. AI systems excel only within the narrow parameters they were trained on. For example, Elon Musk’s Tesla Full Self Driving AI can’t play chess. AI systems struggle to apply knowledge from one domain to another. AI is inherently rigid. AI cannot adapt to novel, rapidly changing, unpredictable environments that fall outside its pre-defined rulesets. AI lacks understanding of context. Pattern recognition is not cognition. AI processes data patterns; it does not think, it does not understand underlying meaning or subtle context. It lacks common sense and human reasoning. Many AI systems live in the dark. Nearly all deep learning models operate as “black boxes,” making it difficult to understand how or why the AI reached a specific conclusion. This erodes trust. All AI systems degrade over time. We live in the information age. Things change rapidly. Models become outdated quickly and become less accurate. Models need to be continuously retrained with new relevant data. AI often fails to understand subtle nuances, leading to errors in complex fields like legal analysis or medical diagnostics.

It is fair to say that the list of AI benefits is long, and some may say that the benefits far outweigh the risks, but only in number, not in the cause and effect. Most AI systems are glorified search engines. The AI systems most consumers use today are not intelligent. You just need to peer below the surface to see why.

AI systems are easily manipulated using cleverly crafted inputs that are designed to mislead the AI system into disclosing sensitive information, documents, client names, or worse.

Large Language Models require inputs. These inputs are generally via a chat window called a context window where you enter a prompt and the “AI” analyzes your prompt and responds. What is occurring is the AI is guessing what the first word should be in the response. After it has determined what the most logical first word should be in the response, the AI adds the first word of the response to the end of your initial prompt and the AI processes the entire prompt again to find the second word and so on and so forth until its work is done. This raises a serious security risk because I or an AI Agent could intercept your prompt and inject commands into the prompt and have the AI return sensitive information that has nothing to do with your original request and you would be none the wiser. This is called AI Prompt Injection. It is one of many risks but an important one to mention.

AI prompt injection is a critical security vulnerability where attackers manipulate LLMs by crafting malicious inputs that override and bypass your instructions, essentially hijacking the commands sent to the LLM model, ignoring the intended instructions and any safety guardrails. This issue is recognized as a top AI security risk; it can lead to data exfiltration, unauthorized code execution, and critical business process hijacking.

The issue arises from the fact that LLMs process both developer instructions called system prompts and user-provided inputs in the same context. One large string of commands. The model cannot reliably distinguish between trusted instructions and untrusted, adversarial input, allowing the malicious inputs to take total control of the AI’s response. Add the fact that AI agents are all the rage these days, the security vulnerability is compounded since AI agents are essentially black boxes that execute commands on the user’s behalf. An AI agent that can read documents on your drive is just one example.

I don’t want to go too deep into the woods here since this blog is about the dangers of using Windows 11 in your practice, but it is important to mention that these security flaws are currently present in all AI systems.

You may be asking yourself, why is the industry not doing anything about this? It should be an easy problem to solve. The answer is because it is too soon. All the vulnerabilities of AI have yet to be discovered, and solutions tend to open a new can of worms. To be fair, it is a new industry; things will get better, but this takes time. It doesn’t help matters when the companies that provide the majority of AI tools today are large corporations like Microsoft that have so much at stake that they really need everyone using AI to justify their huge investments in this technology.

There is no doubt that AI will make all our lives easier, but the flip side of the coin is that integration of AI into any critical system poses risks, and one of those risks is embedding AI in our operating systems.

The Windows 11 debacle. 

On September 26th, 2023, Microsoft released the first major Windows 11 update featuring integrated AI called Microsoft Copilot. This Microsoft Windows 11 update was released as an optional, non-security update for Windows 11, version 22H2. The operative word here is optional. I will explain, but first, what is Copilot?

According to Microsoft, Copilot is an AI-powered conversational assistant developed by Microsoft. This is misleading. Copilot relies on OpenAI’s LLMs, specifically GPT-4 and GPT-5.

A LLM is a Large Language Model and is technology designed to understand, process, and generate human-like text by analyzing large datasets. They are a subset of machine learning known as deep learning, relying on neural networks to identify complex language patterns, grammar, and context.

Microsoft Copilot was designed to enhance productivity by automating tasks, drafting content, analyzing data, and generating images. It operates across nearly every Windows application in Windows 11, its Edge web browser, Microsoft mobile apps, and Microsoft 365 apps such as Word, Excel, Outlook, and Teams.

In late 2025, Microsoft was reported to have spent a total of $13.75 billion on OpenAI, the majority attributed to licensing and partnership frameworks for the development of Microsoft’s Copilot. In addition, Microsoft has spent massive amounts on AI infrastructure, roughly $88 billion in just fiscal years 2023 through 2024. That is a huge investment and a factor in why and how Microsoft’s AI is putting your law firm at risk.

Back to Microsoft’s claim that the update was optional. This Windows update was far from optional. It was installed silently. The update installed AI into every aspect of the Windows 11 operating system without the user’s knowledge or opt-in. This update was so bad that it also added ads in toolbars and menus without the user’s permission. This was not well received and an obvious push to recoup the billions and billions in their AI investment.

In an effort to allow Microsoft’s AI agents to “see what you see”, they gave their AI and potential third parties access to everything you do as well as the ability to alter settings, read the contents of your screen, and to act on your behalf without your knowledge. This is potentially catastrophic.

The experts are concerned.

The aggressive integration of AI into Windows 11, in particular Copilot and a feature called Recall, has faced significant backlash by cybersecurity experts.

Microsoft’s Recall feature is an AI-powered feature for Windows 11 that acts as photographic memory of all your computer activity. It periodically takes snapshots of your screen every 3 seconds, allowing you to search through your computing history such as apps you have used, websites you have visited, and documents you have viewed or created, leveraging OCR and natural language technologies to find and resume your previous work.

Sounds productive, doesn’t it? So why all the fuss? In Microsoft’s urgent push to recoup their $100 billion plus AI investment, they implemented the AI into Windows 11 sloppily. So much so that all those image snapshots of your screens included passwords, banking, and other sensitive information, but that isn’t the worst of it. Microsoft stored all this information on your drive in a SQL-lite database with no password or protection. Given that Copilot has access to your entire system, it adds a level of risk users are just not prepared for.

Cybersecurity experts state that Windows 11 is a security nightmare, and as a result, fixes are delayed by one year. This is outrageous. Privacy advocates and users raised alarms that Recall stores sensitive, unencrypted data that is accessible to malware and AI agents.

When Microsoft expressed plans to evolve Windows into an “agentic OS” where AI acts on behalf of the user, Microsoft received thousands of negative responses from cybersecurity experts, forcing executives to pause some of these plans.

Users have complained about Copilot being forced into essential and widely used apps like Notepad and Paint. The AI features have been reported to increase background CPU usage and cause a lot of memory consumption, impacting the battery life of laptops.

In early January 2026, Microsoft was being called “Microslop”. Microslop is a derogatory nickname for Microsoft after its AI push. The term is derived from the phrase AI Slop, which is slang for low-quality, mass-produced AI content we have all experienced online. The term was given to Microsoft by its users in protest to the company’s aggressive, forced integration of Copilot across all of Microsoft products. The blowback stems from a combination of privacy, performance, and usability concerns, with users labeling the push as “forced bloat”.

Bloat is an understatement and only the tip of the iceberg. The persistent addition of Copilot buttons appearing across the OS, including in the File Explorer and the taskbar, is seen as unnecessary clutter, leading to the creation of third-party tools to remove AI from the system entirely, but you are still stuck with the unwanted ads throughout the Windows 11 OS.

Ads in Windows 11 appear as app suggestions in the Start menu, promotional banners in the Settings app, and in the bottom-right corner of the Notifications app. Microsoft also displays ads within File Explorer, the Widgets panel, and on the lock screen promoting services like OneDrive, Microsoft 365, and Game Pass. Even the coveted search menu has ads.

In my opinion, forced adoption is a loss of control. A major frustration is that these features were forced by default with no clear or easy way to turn them off, making users feel they are guinea pigs in a forced large-scale proof of concept experiment. Users who paid for their OS are now forced to become Microsoft Windows 11 beta testers. It has been reported that after disabling the AI features, they are re-enabled after a Windows update. This is unacceptable.

Users are right to feel that AI is being pushed on them to serve Microsoft’s partnership with OpenAI and satisfy shareholders’ greed, rather than improving their users’ productivity.

Microsoft’s claims that its integrated AI features promise a revolution in productivity. Sure, seamless search and instant document summarization sound like a great productivity booster, but that is just on the surface. When you dig deeper, the promised productivity boost is just an illusion and largely marketing hype. I have found that the output is less than great and often is full of inaccuracies.

For a law firm, the allure of instant document summarization and seamless search is undeniable. However, these tools introduce profound risks to the foundational pillars of a legal practice. Attorney-client privilege, data sovereignty, and compliance with state and federal laws.

How is your law firm affected?

The erosion of the Walled Garden. The hallmark of legal work is the expectation of absolute confidentiality. Traditionally, data remained within isolated silos. Embedded AI in your OS breaks these walls by reading across the entire operating system to provide context.

Data leakage occurs if an AI model uses local data to learn or if it syncs your metadata to the cloud for processing. The firm has inadvertently granted a third-party vendor access to protected work products.

The recall feature in Windows 11 is a huge problem. This feature takes periodic snapshots of the user’s screen to create a permanent, searchable visual record of everything an attorney views—including sensitive discovery material or private communications—creating a massive target for opposing counsel subpoenas and cyber-attacks.

Discovery risks, especially in litigation, are significant. An opposing party could argue that the AI’s logs and snapshots are discoverable evidence, potentially exposing internal strategies and raw thoughts that were never intended for production or disclosure.

Waiver of Attorney-Client Privilege. Legal privilege is fragile; it can be waived if a communication is shared with a third party that does not have a strict legal requirement for confidentiality.

Third-party intermediaries using the OS-level AI to draft a memo or summarize a client meeting could be legally interpreted as “disclosing” that information to Microsoft.

Inaccurate summaries, an AI agent might misinterpret a nuance in a deposition transcript or miss a note in a contract clause, leading to malpractice lawsuits.

Lack of attribution, because AI often pulls from various local and web-accessible sources simultaneously, makes it difficult for an attorney to verify the source of a specific claim, undermining the duty of candor with the courts.

The American Bar Association and state bars emphasize the duty of competence. Integrated AI can be confidently wrong, a phenomenon known as hallucinations. If you’re not careful, AI can destroy an attorney’s career or practice.

While Windows 11 AI offers a competitive edge in speed, it creates a black box environment that is often incompatible with the strict transparency and security required by the law. For a firm to adopt these tools, they must implement rigorous administrative controls disabling features that record screens, opting out of data sharing for model training, and ensuring all AI processing occurs within a HIPAA/SOC2-compliant trust boundary. Without these safeguards, the AI is not just an assistant; it is a liability to your practice.

The good news is that Windows 11 requires a TPM 2.0 chip for Copilot to operate. TPM stands for Trusted Platform Module and is a hardware-based security processor, essential for Windows 11 Copilot. It manages encryption keys to protect data, user credentials, and boot integrity.

If you have older hardware, you may be safe running Windows 11 for now. A potential problem is when you need to upgrade your hardware in the future? Most new PCs have this security chip. Modern CPUs such as Intel’s Core 8th Gen+, AMD Ryzen 2000/3000 series+, often include this as firmware rather than a physical chip.

So what can you do?

For general use of any AI system, try the following. Sanitize your inputs. Treating all external inputs as untrusted and using delimiters to separate instructions from data. Defensible Instructions. Utilize a “sandwich defense”, place user input between two sets of instructions, and fine-tune your models to recognize and reject hijacking attempts. Limit privileges, ensure any AI agents operate with minimal privilege, and that they have no access to external tools.

What if I have Windows 11 and Copilot?

The simplest and best thing to do is to roll back and use Windows 10. You will have to pay for security updates, but it is better than paying a higher price later on. If rolling back to Windows 10 isn’t an option, here is what to do to secure a Windows 11 environment for legal work.

Your IT department must first and foremost use Group Policy Objects called GPOs and Mobile Device Management called MDMs to ensure these features cannot be re-enabled by end-users or by a Windows 11 software update.

Here is a checklist of high-priority changes to help mitigate most of the risks. I have included the GPO paths, e.g. >User Configuration>Administrative Templates>Windows Components>Windows Recall.

1. Disable Windows Recall (Snapshot Privacy)
Microsoft’s Recall feature takes constant screenshots of the desktop. For a law firm, this is the highest risk factor for data breaches and discovery.

Disable Save snapshots for Windows.
>User Configuration>Administrative Templates>Windows Components>Windows Recall
Set Turn off saving snapshots for Windows to Enabled.
This will prevent the OS from recording any visual history of client files or emails.

2. Disable Copilot (General AI Integration)
System-wide Copilot can scan active windows and documents to provide suggestions, which sends metadata/content to the cloud and Microsoft.

Turn off Windows Copilot.
>User Configuration>Administrative Templates>Windows Components>Windows Copilot
Set Turn off Windows Copilot to Enabled.
This removes the Copilot icon from the taskbar and prevents the sidebar from being invoked.

3. Restrict Cloud Search & Data Collection
Windows 11 often sends local search queries to Bing to provide “enhanced” results. This can accidentally leak client names or case numbers to Microsoft’s search index.

Disable Web Search in Taskbar.
>Computer Configuration>Administrative Templates>Windows Components>Search
Settings Set Do not allow web search to Enabled.
Set Don’t search the web or display web results in Search to Enabled.
This ensures the Windows search bar stays local to the machine’s hard drive only.

4. Adjust Diagnostic & Telemetry Data
By default, Windows may send “Optional Diagnostic Data” to Microsoft, which can include snippets of memory or document content if a crash occurs while an AI feature is active.

Limit Diagnostic Data to Required only.
>Computer Configuration>Administrative Templates>Windows Components>Data Collection and Preview Builds
Set Allow Diagnostic Data to Enabled, and select Diagnostic data off (not recommended) or Required diagnostic data from the dropdown.

5. Disable Tailored Experiences
Microsoft uses diagnostic data to offer personalized tips and suggestions, effectively using AI to analyze user behavior.

Turn off Tailored Experiences.
>User Configuration>Administrative Templates>Windows Components>Cloud Content
Set Turn off Microsoft consumer experiences to Enabled.

In short, the blowback has forced Microsoft to move away from forcing AI into every corner of the OS and toward a more targeted, optional approach. However, the loss in trust of its user base has hurt Microsoft’s credibility; and as a result, many users and law firms have or are planning on moving away from Windows to OS X and Linux.

The legal industry is typically risk-averse, but with the promise of quick solutions, many law firms are jumping in headfirst. In my opinion, the waters are way too shallow at this time. A bit of caution and common sense can avert a tragedy.

Frank A Rivera CEO HoudiniEsq

Does the reliance on Google put your Law Firm at risk?

Frank A Rivera CEO HoudiniEsq