Microsoft Announces 'Recall': AI Takes a Screenshot of Your PC Every Few Seconds, Stores Everything Locally. Researcher Kevin Beaumont Builds Malware That Exfiltrates the Whole Database in Seconds. Microsoft Pulls Feature.

On May 20, 2024, Microsoft unveiled Recall for Copilot+ PCs — a feature that silently captures your screen every 3-5 seconds and stores every image in an AI-searchable database so you can 'find anything you've ever done on your PC.' Within days, security researchers including Kevin Beaumont discovered the database was a plaintext SQLite file readable by any process running as the current user, including ordinary malware. Beaumont published 'TotalRecall,' a 66-line Python script that exfiltrates the full Recall history. Microsoft pushed back for two weeks, then on June 13 announced Recall would be off by default, require Windows Hello, and encrypt the database. Delayed to October 2024, then delayed again to 2025. Recall is now the textbook example of AI features shipping before a threat model.