Microsoft's latest experimental Windows 11 build, 27938, quietly slipped into the Canary channel this week, but don't let the familiar feature list fool you. Beneath a right-click AI image editing menu, a privacy dashboard for generative AI, and the return of a seconds-displaying clock lies a clearer picture of how the company intends to weave artificial intelligence into the operating system's very fabric—and the transparency and control battles that will come with it.
Though each of these features has already appeared in the Dev or Beta channels, their arrival in Canary signals that Microsoft is stress-testing the underlying platform changes required to make AI an everyday OS utility. And for enterprises, IT admins, and privacy-conscious users, the new “Recent activity” log for AI usage raises immediate questions about data flows, logging, and governance.
AI Actions in File Explorer: A Shortcut to Smarter Image Editing
Right-click a JPEG or PNG in the latest Canary build and you'll see a new “AI actions” sub-menu. The four options—Visual Search with Bing, Blur background, Erase objects, and Remove background—are essentially shortcuts into existing Photos and Paint capabilities, but Microsoft’s decision to surface them directly in the file manager marks a shift in how the company thinks about frictionless AI.
“The immediate goal is to reduce friction for common tasks—remove a busy background, blur distractions, erase unwanted elements, or run a visual web search—directly from the file manager,” as noted by early testers. For the average user, this means no more launching a separate app just to quickly clean up a photo before sharing it. For power users, however, the growing context menu could become a source of clutter, and Microsoft has yet to offer granular toggles to disable specific AI entries.
The AI actions work only with PNG and JPEG files at present, and the feature depends on having the latest Photos and Paint updates from the Microsoft Store. Some Office-file AI actions, like summarization and FAQ generation, are reportedly planned but will likely require a Microsoft 365 Copilot license before reaching the consumer channel.
Performance is the critical unknown. Context-menu handlers that invoke cloud AI must return results in milliseconds, or risk angering users accustomed to instant context menus. Microsoft has said it will use on-device processing where possible on Copilot+ hardware, but Visual Search with Bing inevitably triggers a cloud call. Without clear documentation on which data leaves the machine, some insiders remain skeptical.
The Bigger Clock: A Small but Meaningful Comeback
In a move that feels like a direct response to user feedback, Microsoft revived the larger notification center clock that displays seconds. Toggle it on via Settings > Time & language > Date & time > “Show time in the Notification Center,” and you’ll see a bolder, easier-to-glance clock above the calendar flyout.
This is a feature Windows 10 users lost when they upgraded to 11, and its return, alongside other quality-of-life improvements, suggests Microsoft is listening to its base even as it races toward an AI-centric future. For many, it’s a small signal that the company hasn’t abandoned basic usability. Insiders who don’t see the toggle yet may need to wait for a controlled feature rollout, though advanced testers often resort to third-party tools like ViveTool—a path fraught with instability risks.
Gen-AI Activity Log: Transparency or Telemetry?
Arguably the most consequential addition is the new “Recent activity” pane under Settings > Privacy & security > Text and image generation. It lists third-party apps that have requested generative AI capabilities from Windows in the past seven days, ostensibly giving users visibility and control.
“On one hand, it gives users visibility and control—a necessary component when OS-level generative capabilities are being shared across apps,” analysts note. “On the other, the presence of such a list signals that the OS systematically logs AI usage, which could be sensitive telemetry depending on what’s recorded and where it’s stored.”
Microsoft’s messaging emphasizes local processing for Copilot+ PCs and encryption for features like Recall, but the new log page raises immediate concerns: Are prompts or partial images uploaded to cloud endpoints? Are logs stored locally and encrypted at rest? Can enterprise policies disable the AI subsystem entirely? The company has yet to publish detailed technical documentation for this feature, leaving IT administrators to test and prod in isolated environments.
The Canary Channel Conundrum: Why Here, Why Now?
The Windows Insider Program’s Canary channel has long been the most opaque testing ring. It hosts early platform changes—kernel tweaks, new APIs, experimental plumbing—that require long lead times and may never ship to mainstream users. That makes the appearance of user-facing AI features here somewhat perplexing, as Thurrott columnist Paul Thurrott himself noted: “No one has any idea what the Windows Insider Program’s Canary channel is for, but it just got a build with new features. For some reason.”
In reality, Microsoft frequently shuffles features across channels to validate different integration layers. Canary’s higher build number allows testing of the APIs and system services that underpin AI actions and activity logging, while Dev and Beta channels gather broader user-experience data. “What’s notable about this release is that Microsoft is continuing to iterate and shuffle these experiences across channels as part of multi-stage testing and controlled feature rollouts,” the community analysis reads.
For Insiders, the impracticality of Canary is real: you can’t easily leave the channel without a clean install, and features that look polished may never reach general availability. Microsoft’s official Flight Hub remains the authoritative source to confirm which builds are actually live, though at the time of writing, Build 27938 was not yet reflected there—a discrepancy that underscores the channel’s experimental nature.
Privacy, Enterprise, and the Road Ahead
The new AI features introduce a tangle of security, compliance, and policy considerations for organizations. Context-menu AI actions create new surfaces that can be triggered by attacker-controlled files; model files and image-parsing code must be hardened against exploits. IT admins will soon demand Group Policy controls to disable or restrict AI actions, exportable audit logs for compliance reporting, and clear guidance on whether on-device, cloud, or hybrid inference affects regulatory obligations.
The “Recent activity” page, while a transparency win, also normalizes the idea that Windows is watching when apps lean on its generative AI. As one security analysis put it, “Without crystal-clear privacy guarantees—what’s logged, how long it’s kept, where it’s stored—skepticism will rise among privacy-conscious users and regulators.”
Microsoft has iterated on privacy mitigations for its AI features: encryption for Recall snapshots and Windows Hello gating are steps in the right direction. But the opacity around activity logging threatens to undermine trust, especially in enterprise environments with strict data handling rules.
What This Release Tells Us About Microsoft’s Strategy
Build 27938 is less a revolutionary leap than a signpost. It confirms that Microsoft sees AI not as an app add-on but as a first-class operating system capability—one that needs to be as ubiquitous as the right-click menu and as transparent as a privacy dashboard.
That approach brings undeniable productivity wins. Surfacing AI actions in File Explorer could shave seconds off repeated tasks for millions of users. The clock restoration demonstrates product stewardship beyond headline-grabbing AI. And the activity log, if paired with robust controls, could set a precedent for user-centric AI governance.
But the risks are equally clear. Without granular user controls, the context menu will bloat; without unambiguous data-flow documentation, privacy will erode; and without consistent communication about the Canary channel’s role, developers and IT administrators will struggle to plan their deployments.
Recommendations for Insiders and IT Administrators
- Check Flight Hub before upgrading: Microsoft’s Flight Hub is the only authoritative record of which builds are active in which channels. If a build isn’t listed there, treat third-party reports with cautious optimism.
- Test in a sandbox: Canary builds are experimental by design. Use a dedicated test machine or a virtual machine, and never enroll production hardware.
- Audit the AI activity log: If your organization has compliance obligations, explore the new “Text and image generation” settings to understand what data is being collected and whether you can export or disable the feature via policy.
- Monitor Microsoft Store updates: The AI actions feature requires the latest Photos and Paint apps. Keep them updated to see the new integrations.
- Advocate for enterprise controls: Use the Feedback Hub to request granular Group Policy templates for disabling AI actions, limiting cloud calls, and managing generative AI permissions.
Microsoft is laying the groundwork for an AI-permeated Windows experience, and Canary Build 27938 offers a glimpse of both the promise and the pitfalls. For now, treat it as an invitation to test and critique, not a finished product. And until Microsoft publishes detailed privacy and enterprise documentation, keep a backup image close at hand—because when the operating system starts doing AI on your behalf, you deserve to know exactly what it’s doing.