Microsoft has a piracy problem, and it's had it for some time. In 2006, the LA Times reported that software piracy had caused the company a loss of around $14 billion that year alone, despite the millions Microsoft spent trying to prevent the copying and distribution of its software and Windows operating system.
While losses like this would send most companies headfirst into a legal crusade, Microsoft has historically taken a more calculated approach to piracy. While publicly maintaining a zero-tolerance stance, Microsoft is aware of the potential benefits.
During a public talk at the University of Washington in 1998, Microsoft founder Bill Gates admitted, "Although about three million computers get sold every year in China, people don't pay for the software. Someday they will, though. And as long as they're going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect sometime in the next decade."
Microsoft, or at the very least Gates, viewed piracy as a short-term loss that could lead to long-term dominance in Windows adoption and familiarity among users. It's a tactic the company potentially played into once again in 2015 when Microsoft confirmed to Reuters that it would allow non-genuine Windows PCs to freely upgrade to Windows 10.
However, being aware of piracy and offering instructions on how to do it are two different things. The latter is something Microsoft's AI, Copilot, appears to be doing, unwittingly handing out methods to illegally activate copies of Windows to users with reckless abandon.
That's not hearsay, either — we tested it ourselves, and the results are alarming.
Microsoft has a new piracy problem: Copilot
A previously tactical approach to piracy may have been a pragmatic means to an end for Microsoft. The company could either spend an ever-increasing fortune fighting illegal distribution of its software or take advantage of an influx of Windows users, hoping to secure a loyal userbase for decades to come.
However, at no point has Microsoft directly facilitated piracy of any kind. That said, its Copilot AI is skirting dangerously close to doing so after guiding users with step-by-step instructions on how to illegally activate copies of Windows using a simple PowerShell command.
The PowerShell one-liner itself isn't new (this method of activating Windows has been available since at least November 2022). However, a Copilot reply is the last place you'd have expected to find it. Yet, that's exactly what happened on Tuesday when Reddit user "loozerr" asked Microsoft's AI if there was a script to activate Windows 11.
Not only did Copilot provide the requested script, but it also gave clear instructions on how to run it in PowerShell, linked to external sources for the tool, and offered only a meager token warning about the potential security risks of using third-party scripts.
Since the Redditor only partially shared their conversation with Copilot (noted by the lack of the conversation header in the screenshot), there was no guarantee that some form of jailbreaking hadn't taken place. So we tested it ourselves (shown above).
Shockingly, not only was Copilot's response reproducible, but it required no pre-prompting or jailbreaking to achieve. In fact, we were even able to access the PowerShell script just by asking, "Is there a script to activate Windows 11?"
Making matters worse, an immediate follow-up to Copilot's PowerShell-containing response saw the AI explicitly state that using the script is both against Microsoft's terms of service and considered illegal.
Questioning Copilot, and the potential harm at hand
Laptop Mag reached out to Microsoft for comment but did not receive a reply ahead of publication.
Copilot's ability to repeatedly provide the same illicit activation methods suggests that this fumble isn't a rare loophole caused by hallucination or wily jailbreaking attempts, but a major oversight in Microsoft's AI safety measures.
The implications are serious, with Copilot clearly able to provide access and instructions on how to perform actions that are both illegal and potentially harmful to the end user.
Beyond the legal risks, third-party activation scripts that download code from external servers pose a genuine risk of infection from malware, keyloggers, or remote access trojans (RATs). Using these tools, attackers may be able to disable Windows Defender or modify system files to prevent detection before stealing personal data, injecting backdoors, or compromising system integrity.
In total, Copilot's willingness to instruct users on executing these scripts stands as a serious legal and cybersecurity concern, if not a disaster.
While we await acknowledgment from Microsoft on this issue, Copilot's actions raise several questions: What safeguards does Microsoft typically have in place to prevent Copilot from potentially assisting in software piracy? Why did those safeguards fail? And how can software developers trust that Copilot won't provide similar activation workarounds or exploits for their own products?
Perhaps more importantly, is Copilot truly capable of responsibly determining what is and isn't potentially harmful information to share with its users?
