What I see is that the AI agent is an optional, experimental off-by-default service that is configured to only have access to the folders you specifically choose.
From the MS article:
"An agent workspace is a separate, contained space in Windows where you can grant agents access to your apps and files so they can complete tasks for you in the background while you continue to use your device. Each agent operates using its own account, distinct from your personal user account. This dedicated agent account establishes clear boundaries between agent activity and your own, enabling scoped authorization and runtime isolation. As a result, you can delegate tasks to agents while retaining full control, visibility into agent actions, and the ability to manage access at any time.
Agents typically get access to known folders or specific shared folders, and you can see this reflected in the folder’s access control settings. Each agent has its own workspace and its own permissions—what one agent can access doesn’t automatically apply to others.
[..]
Agent workspace is only enabled when you toggle on the experimental agentic feature setting. The feature is off by default."
Funnily enough this is exactly how I ended up setting up CLI coding agents. E.g. made a separate user account, granted it RO or RW access to some of my projects, et viola
What I see is that the AI agent is an optional, experimental off-by-default service that is configured to only have access to the folders you specifically choose.
From the MS article: "An agent workspace is a separate, contained space in Windows where you can grant agents access to your apps and files so they can complete tasks for you in the background while you continue to use your device. Each agent operates using its own account, distinct from your personal user account. This dedicated agent account establishes clear boundaries between agent activity and your own, enabling scoped authorization and runtime isolation. As a result, you can delegate tasks to agents while retaining full control, visibility into agent actions, and the ability to manage access at any time.
Agents typically get access to known folders or specific shared folders, and you can see this reflected in the folder’s access control settings. Each agent has its own workspace and its own permissions—what one agent can access doesn’t automatically apply to others.
[..]
Agent workspace is only enabled when you toggle on the experimental agentic feature setting. The feature is off by default."