A security researcher has released a tool that can extract data from Windows 11's 'Recall' feature, which uses AI to trace the entire history of the system, stating, 'A safe is sturdy, but a delivery truck is not.'

Security researcher Alex Hagena has released a tool called ' TotalRecall Reloaded ' that can retrieve Recall's stored data after user authentication, in response to Microsoft's AI feature 'Recall' for Windows 11. Recall was redesigned in 2024 following significant criticism and was updated to include Windows Hello authentication and virtualization-based protection, but this research shows that processing paths outside of that protection could become a new concern.

xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.
https://github.com/xaitax/TotalRecall

Microsoft faces fresh Windows Recall security concerns | The Verge
https://www.theverge.com/report/912101/microsoft-windows-recall-new-security-concerns-response

'TotalRecall Reloaded' tool finds a side entrance to Windows 11's Recall database - Ars Technica
https://arstechnica.com/gadgets/2026/04/totalrecall-reloaded-tool-finds-a-side-entrance-to-windows-11s-recall-database/

Recall is a Copilot+ PC feature that continuously records screenshots of your PC screen, making it easier to search for past work later.

Microsoft announces Windows 11's new AI feature 'Recall,' a powerful AI search function that records everything you've seen and done on your PC and allows you to search it later - GIGAZINE

However, its initial implementation received strong criticism for storing a massive database, including screenshots and usage history, without encryption.

Microsoft announces that it will disable the Windows AI 'Recall,' which records all Windows operations, after security vulnerabilities are exposed - GIGAZINE

Microsoft subsequently delayed the release for about a year, implementing measures such as encrypting locally stored data, restricting access via Windows Hello, strengthening the exclusion of sensitive information, and changing settings to disable it by default.

Windows' AI-powered PC history search feature 'Recall' is finally being released to the public, along with 'Click to Do,' which automatically performs actions based on information displayed on the screen using AI - GIGAZINE

The newly released 'TotalRecall Reloaded' is a successor tool to 'TotalRecall,' which was announced by Mr. Hagena in 2024.

TotalRecall, a tool that extracts anything from the recorded data of the 'Recall' function that saves everything in Windows 11 - GIGAZINE

Hagena stated that the Recall database itself is 'as robust as a safe,' but explained that the weakness lies in a separate process, 'AIXHost.exe,' which handles data transfer after authentication.

The tool injects a DLL into AIXHost.exe without administrator privileges, waits for the user to open Recall and authenticate with Windows Hello, and then intercepts screenshots, OCR-extracted text, and other metadata passed from Recall. Hagena describes this as 'the safe is sturdy, but the delivery truck is not.'

According to IT media outlet Ars Technica, after a user authenticates, Recall can access not only newly recorded content but also data it has previously recorded. Furthermore, it is said that even without Windows Hello authentication, it is possible to take recent Recall screenshots, collect some metadata, and delete the entire Recall database. The fact that Recall retains a wide range of information, including on-screen text, messages, emails, documents, and browsing history, is also a cause for concern.

After receiving a report from Hagena on March 6, Microsoft classified the issue as 'not a vulnerability' on April 3, stating that it was within the scope of intended protections and existing controls. Microsoft explained that 'there are timeouts and measures to prevent repeated attempts within the available time after authentication,' but since Recall itself accumulates a large amount of personal data, there is still a significant risk of information leakage to anyone who can access the PC itself and the Windows Hello alternate PIN.

Note that some apps, such as Signal, Brave, and AdGuard, have already implemented workarounds to prevent Recall from recording their screens.

Chat app Signal restricts screenshots to block Microsoft's 'Recall,' says user, 'Microsoft didn't give us any other options' - GIGAZINE