President Donald Trump signed an executive order Tuesday creating a "voluntary framework" for AI companies to share their frontier models with the federal government before they're released "to promote secure innovation and strengthen the cybersecurity of critical infrastructure."

The order says the US AI industry has succeeded in part "because we refuse to stifle this innovation with overly burdensome regulation," but that it also recognizes new AI capabilities come with security risks. Accordingly, it directs several federal agencies to come up with a framework to "assess the advanced cyber capabilities of AI models" before they're releas …

Read the full story at The Verge.

AI has arrived in the enterprise, and the shift is happening all at once. Every function, every role, every workflow is being reshaped. At the same time, a new class of organizations is emerging, one that will look fundamentally different from the companies that defined the last era of business. The winners won’t be those with the most demos, but those that turn AI into a governed, continuously improving system for running real work.

This isn’t just about chatbots, either. Those experiences are useful, but they don’t transform how large organizations operate. The real opportunity is teams of agents executing long running work across functions like software delivery, support, finance, HR, and operations — with the identity, context, policy, and human oversight required to trust them in production.

To make this possible, enterprises need more than access to a powerful AI model or scalable compute. What determines success is the system around the AI: how agents are built and deployed by engineering teams, how they’re contextualized in the enterprise, how they’re governed and observed in production, and how they improve safely over time. Without that system, AI remains fragmented, fragile, and difficult to trust at scale.

We’re taking a fundamentally different approach. We are building a comprehensive agent platform: one that supports many models, is open, and gives you choice and flexibility at every layer of the stack. And we are purposefully designing it with developers at the center. Today, the next pieces of that platform are clicking into place.

Building a system for the agentic enterprise

To succeed in this new era, an agent platform must meet a higher bar. It must run real production workloads, map real organizational complexity, and manage real business responsibility.

We’re building around three key principles:

First, it must be a single, integrated system, with support for a wide range of models.
Enterprises can’t afford to assemble their agent strategy one piece at a time. Disconnected tools stitched together after the fact can slow teams down and introduce unnecessary risk. Building, contextualizing, running, governing, and improving agents should happen within one coherent system. That’s why we’re bringing together Azure, GitHub, Microsoft IQ, Fabric, Foundry, Windows, Microsoft Security, and Microsoft 365 to operate as a single system you can use to deploy agents at enterprise scale. Enterprises also need the flexibility to choose the right model for the task, balancing quality, speed, and cost — including Microsoft models, partner models, and open models.

Second, it must be secured and governed by design.
Governance is easy to claim and much harder to deliver. Making it real means starting with a single stack that spans development through production, built on the identity, access, compliance, and security foundations enterprises already trust. By extending Entra, Purview, Defender, Agent 365, and the broader Microsoft Security stack, governance becomes native to the system rather than bolted on later, supporting the ambitions of an AI first enterprise without compromising control.

Third, it must improve continuously.
Enterprise AI systems can’t be static. Agent behavior, outcomes, and human feedback must flow back into the system, so it can improve safely over time under human oversight. As the system runs, models, workflows, and agents become more capable and more specific to an enterprise’s unique business processes. The result is a system that compounds in value the longer it’s in use.

These properties are becoming must-haves, and enterprises that align their AI ambitions with these three principles will pull ahead in quarters, not years.

So how does a system like this actually take shape inside a real enterprise? It starts where work begins, with how agents are built. Let’s walk through what that looks like on the platform we’ve built.

 

1. Build in GitHub

GitHub is where your developers already work. It’s where your dependencies live, where your application and code context is kept, where you collaborate with the open source community you depend on, and where you drive innovation. Building agents anywhere else means leaving all that behind.

Agents should be built the same way production software is built. You write code with GitHub Copilot to move faster. You bring together the assets that matter most: codebases, work items, agent skills, and tools. And because agents aren’t just code, you bring your evals and observability assets alongside them, all versioned the way any production system should be.

Agents must follow a lifecycle: source, test, deploy, observe, and improve. GitHub sets up that lifecycle and provides the necessary controls from day one. The result is a workflow designed for building agents with the right guardrails from the start. And you can do all this in one place, in a new app built for this system.

2. Contextualize with Microsoft IQ

Code is only part of an agent. To be useful, an agent also has to understand your business: your customers, your products, your contracts, your processes. Without enterprise context and intelligence you can trust, even the most capable model is guessing.

Enterprises require a wide variety of models and the ability to match the right model to the right job, but model choice alone is not enough. Microsoft IQ grounds agents in enterprise context by connecting to your business data wherever it lives, across Microsoft 365, your core business systems (such as customer and revenue data), and other systems your enterprise already relies on, like knowledge bases and your website. With Web IQ, the latest addition to the IQ platform, agents can also incorporate relevant information from the web when appropriate.

Contextualizing agents in enterprise data isn’t just about access. Pointing AI at raw information is inefficient and brittle. Microsoft IQ organizes, secures, and surfaces the right information in forms agents can actually use, so they can reach accurate insight without drowning in noise or hallucinating answers.

Once agents are grounded in the right context, enterprises can go further. With Frontier Tuning, you don’t just call AI models. You improve how they behave using your data and real-world workflows.

That includes Microsoft’s seven new MAI models, spanning image, voice, transcription, coding, and reasoning. Together, this model family is designed to work across the kinds of tasks that matter in the real world, and critically, these models are not static endpoints. They’re built to learn from how work actually gets done in your business.

Our reinforcement learning environments allow our models to be reinforced through actual outcomes in your environment. Think of them as training gyms for AI. Here the agent learns your very specific processes, standards, and way of working. It becomes specialized and adapted to you, delivering a measurable and better ROI.

Moreover, your custom or post-trained models all stay in your environment. Your intellectual property, your proprietary data, and the way work actually gets done become part of how your agents reason and act. The resulting intelligence runs in your environment, under your control, and the learning stays yours.

Without context and Frontier Tuning, agents are capable generalists. With it, they become a customized partner that understands the business they’re operating in.

3. Run in Foundry

Once agents are built and contextualized, they need a place to run. Not as an experiment. In production.

Agents and teams of agents place very different demands on a runtime than traditional applications do. They need to reason, act, call tools, coordinate with other agents, and adapt over time, all while operating under enterprise controls. Foundry is the runtime designed for that reality.

• The largest collection of models: Different agents need to be good at different things at different price points. Whatever the task, whatever the cost profile, Foundry provides access to the right model, and an optimized model router helps you balance quality, speed, and cost for each agent.
• Optimized performance for open models: With Fireworks AI on Foundry, enterprises get faster, more efficient inference directly into the platform.
• Support for any agent, including those not built on our stack: Bring in agents built on the Microsoft Agent Framework, LangGraph, GitHub Copilot SDK, Claude Agent SDK, or a custom harness.
• Tools and actions: Agents act on enterprise systems through MCP, connectors, APIs, and workflows, with safe execution by default.
• Evals and traces: Observability and traces make agent behavior measurable. If you can’t measure it, you can’t improve it.
• Continuous optimization: Foundry enables tuning of models, harnesses, IQs, tools, and actions over time, improving performance as agents operate in your world.

A trust, security, and policy rail wraps the entire runtime. Policy applies consistently across context access, tool calls, optimization updates, traces, and response delivery. The agent doesn’t just work. It works the way your enterprise requires.

This is where your agent stops being a project and starts becoming a production system.

4. Govern with Agent 365

Now multiply that agent by hundreds. Then thousands. That’s what happens as different teams build agents across an enterprise. Some are well designed. Some aren’t. Some have access they shouldn’t. Others are doing valuable work that no one else in the organization benefits from.

Enterprise governance isn’t optional. Enterprises need a way to see what’s running, understand what it can access, monitor task adherence, and enforce policies across their entire agent estate.

Agent 365, along with Entra, Purview, Defender, and the broader Microsoft Security stack, come together to do just this. And if you’re interested in AI for security in addition to securing your AI, there’s “MDASH.”

Every agent in your organization shows up in a single catalog, whether it was built in Foundry or elsewhere. IT sees who deployed an agent, what data and tools it can access, how it’s behaving, and what it costs. They can enforce policy or take action when required.

One place. Full visibility. Real control over what your agents do and don’t do.

5. Improve continuously

Agents can’t be static. Every agent action generates signal: trajectories, outcomes, feedback. The system captures it, refines it, and feeds it back. Observe. Evaluate. Improve. Roll out safely. Repeat.

This learning loop runs continuously, in production.

Most gains start with eval-driven improvements to the agent itself: prompts, context, skills, and tools. As clear patterns emerge, learning can extend into model routing across multiple models, fine-tuning, or reinforcement learning. But it all stays anchored in evaluation, improving agent quality and ROI to the level the business requires.

The loop is governed, not closed. Enterprises need to audit it, correct it, and control how to roll out changes. The system becomes more capable over time, guided by human oversight and increasingly autonomous, but never beyond your reach.

This is the hill-climbing model in action: system-level improvement, happening continuously while the system runs.

6. Surface where people work, and scale on Azure

Of course, none of this matters if it doesn’t reach the people doing the work.

Agents surface directly in the flow of work, in Teams, across Microsoft 365, and inside your own applications and experiences. Identity, security, and compliance are built in from the start, so the agents that your teams rely on day to day inherit the same trust model as the rest of your environment.

We support multiple platforms, but your agents can be developed and run in an optimized and secure way on Windows. You can run models both in the cloud and locally on your machine, and best-in-class sandboxing lets you run always-on agents safely.

When you need compute optimized for AI, global and sovereign infrastructure, or a route to market, the system scales on Azure, the same enterprise foundation customers have trusted for decades.

The system compounds

Every leading enterprise will converge on this model: a central AI platform that orchestrates work across the business, bringing together data, models, agents, and human judgment into a continuously improving and secure system.

As that system runs, its value compounds. Velocity increases and the bottleneck shifts from effort to human creativity and coordination. People are able to do more work independently, guided by shared context and fewer handoffs, while the business moves faster without adding friction.

We’re in a time of profound disruption. The enterprises that lead in this moment will be those that adapt as conditions change, simplify how work is coordinated across the business, and consistently turn intelligence into real outcomes. Microsoft’s agent platform is designed to do exactly that: it unlocks the ability to build, contextualize, run, govern, and improve agents as a single, integrated system.

At that point, the platform becomes more than a build layer. It becomes the operating system for enterprise AI at scale, where intelligence and trust are built in by design.

The post AI alone won’t change your business. The system running it will. appeared first on The Official Microsoft Blog.

Platforms shift when developers build. We explore, choose tools, dream, create.

This platform shift comes with more information than ever, ready at your fingertips. This shift, it’s about building fast AND THEN: it’s about building, operating, optimizing and observing. Securing your infrastructure, applications and agents in a seamless way that doesn’t slow you down from the moment you open your laptop to the moment you ship to production.

But there’s a duality in being a developer – you’re a tinkerer, choosing your own tools and models, and you’re an enterprise builder, shipping systems that demand governance, security and trust from day one.

Developers don’t need another way to just build and run an agent or app. They need trust. They need native context and knowledge. Most of all, they need choice to access the right model for the right problem.

This duality is where Microsoft thrives. We ask: what does it mean to be a modern developer today? And at Microsoft Build, we shared how we empower developers to build in this era of ubiquitous intelligence with the controls and security you expect at scale – on a platform that’s model diverse, open and heterogeneous at every layer of the stack. Bringing together what you know with what the world knows natively.

There’s a lot of news today, but there are three themes to anchor on.

First, intelligence that’s truly yours. With the Microsoft Agent Platform powered by your context and intelligence from Microsoft IQ, you can build your agent in GitHub, deploy it to Microsoft Foundry and optimize it automatically with models best suited for the job. Ground it in your intelligence and the world’s knowledge, then access it via Microsoft Teams, M365 or anywhere your team works. Designed to reduce the need to make tradeoffs between context and governance, security and speed, or models and tools.

Second, the full stack built your way. You should be able to build the way you want to build, with the tools, models and workflows you choose, and make it real. This expands beyond the agent platform to across the stack. Silicon to OS to developer tools to cloud – and that starts with Windows. Not Windows for “Windows developers.” Windows for developers, period. We’re bringing a new developer configuration that gives you more flexibility, a frictionless intelligent shell and terminal experience, local sandboxing for agents, new Windows Subsystem for Linux capabilities and powerful options to do it on your local machine.

Third is what comes next, where agentic systems move from code to human progress, amplifying what scientists and researchers can achieve. New frontiers in science and computing that start with the same developer platform underneath.

Together, developers get a multi-model ecosystem, from your laptop to the cloud, so you can build the frontier without giving up the control and craft that truly makes the work yours.

And as always, it starts with the developer. Let’s dive in.

Agents that know you, your business, and the world

As models become more capable and more available, the differentiator for any organization is no longer access to intelligence, but ownership. How does your expertise, data and way of working become a system that continuously learns and drives better outcomes? The goal is an ecosystem that gives companies their own agency, not one that funnels value back to a consultant or the model maker.

Your agents should reflect how you think and operate, from your business logic and institutional knowledge, down to your workflows.

That starts with context. Microsoft IQ, generally available today across GitHub Copilot, Microsoft Foundry and Copilot Studio, is a new context layer that grounds agents in both world knowledge and enterprise knowledge. Work IQ is the workplace intelligence layer for agents, capturing how work actually happens across Microsoft 365, organizational systems and external sources: people, emails, documents, meetings and how they connect. The Work IQ APIs, generally available on June 16, provide programmatic access to this intelligence layer and give agents the context they need to work effectively in your organization. Fabric IQ provides a shared semantic foundation over structured business data. Foundry IQ ties it together and enables retrieval planning across both enterprise knowledge and the live web.

New to the family is Web IQ, announced today: the fastest real-world grounding you can give your agents. An AI-first web search stack that’s model-agnostic and MCP-native, returning relevant passages at nearly 2.5x the speed of the next best alternative.

We’re also looking at how this context applies to new form factors, specifically always-on autonomous agents. Microsoft Scout is a new personal agent for work that we are bringing to Frontier customers today. Built on OpenClaw and WorkIQ, Scout understands how you work, uses the tools you already live in, like Teams and Outlook, and proactively handles things like meeting prep, scheduling conflicts and routine tasks without asking. We’re excited to share more soon as we expand what Scout can do and roll it out more broadly.

On the model layer, the Microsoft AI Superintelligence Team released a family of seven new in-house models, starting with MAI-Thinking-1 – Microsoft AI’s first reasoning model. Trained from scratch with zero distillation on enterprise grade, clean and commercially licensed data you can build on with confidence.

It’s a mid-sized, 35 billion active parameter model with a 256K context window built for high efficiency and performance, but importantly, at a low-token cost. On a blind test, independent raters prefer it to Sonnet 4.6 [1], and it matches Opus 4.6 on coding abilities on SWE Bench Pro [2]. MAI-Thinking-1 was designed to be good at complex multi-step instructions, long-context reasoning and code generation, and it’s open now on Foundry in private preview.

But that isn’t the only new model. MAI-Image-2.5 and its flash variant are Microsoft’s first models to serve both text-to-image (#3 on the Arena AI leaderboard) and enabling image-to-image workloads (#2 on the Arena AI leaderboard, surpassing Nano Banana 2). These are especially useful in creative workflows, when you want some assistance taking a concept into reality or enhancing existing image work. These models are live in PowerPoint, rolling out on OneDrive, and today, they’re landing on Foundry with market-leading quality per dollar.

There are other new members of the MAI family too: MAI Transcribe 1.5 combines state-of-the-art accuracy across 43 languages, with streaming coming soon. MAI-Voice-2 and its flash variant are now available in more than 15 additional languages with new voice options. And MAI-Code-1, our inference efficient coding model tuned for GitHub, is now available in Copilot and VS Code.

Developer choice doesn’t stop at our catalog. MAI models will also be available on Fireworks AI, Baseten and Open Router. And Fireworks AI is now generally available on Foundry, giving developers a single platform experience with enterprise governance and Azure data residency, regardless of the model they choose.

For organizations ready to make intelligence truly their own, Frontier Tuning applies reinforcement learning within your compliance boundary so agents can learn how the business actually works. Using your own data, domain knowledge and workflows, the result is a loop that sharpens as agents work. Available in private preview today.

And security and governance wraps the entire system. Agent 365 for local agents extends Entra, Defender and Purview into a single control plane to observe, govern and secure agents across your estate, regardless of where they’re hosted or what framework they’re built on. This is how you build at speed while maintaining control.

Alongside it is an open, end-to-end trust stack for AI agents on any framework anchored by two open-source projects: Adaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT) for policy-driven safety evaluation, and the Agent Control Specification to standardize where and how to apply controls in the agent loop.

Also strengthening our defense is Codename MDASH. Our new multi-model agentic security system deploys 100+ agents to find exploitable bugs by reasoning about data flow, business logic and exploit chains with context-aware fixes delivered directly in the Defender Portal.

The full stack, your way

When we think about work in the agentic age, it requires a ubiquitous intelligence platform that spans cloud and edge. But as a developer, how do you build these rich, agentic systems while staying firmly in control? That means staying in flow instead of waiting on tools and running experiments in minutes rather than hours.

It starts at the silicon, and that’s where Surface RTX Spark Dev Box comes in – it’s designed for sustained workloads: long-running training jobs, agentic AI pipelines and local model fine-tuning.

Powered by NVIDIA RTX Spark, it delivers up to one petaflop of AI compute and 128 GB of unified memory, capable of running up to 120B parameter LLMs with up to 1 million tokens context using agents locally without cloud GPU instances [3]. Windows Services for Linux (WSL) 2 with native GPU passthrough and full CUDA support comes pre-configured for developers, with Visual Studio Code, GitHub Copilot and many more of your favorite tools pre-installed. Surface RTX Spark Dev Box will be available later this year in the US via Microsoft.com.

In the OS layer, Microsoft is making Windows an agent-native runtime. Microsoft Execution Containers (MXC), now in preview, gives developers and IT administrators a simpler way to create enterprise-grade sandboxed environments for agents, with containment enforced by the operating system itself. Describe your requirements once, and Windows enforces them everywhere your agents run.

This technology is now being used by OpenClaw on Windows, enabling execution of multi-step workflows inside these OS-enforced boundaries. NVIDIA’s OpenShell secure runtime for autonomous agents uses MXC and adds policy management, inference routing and PII obfuscation. Together, these capabilities give developers a safe environment for agent development and deployment and provide IT teams with the governance tools they need across local devices and cloud environments.

And when agents move to the cloud, hosted agents in Foundry Agent Service, in preview, provide the same model at scale: instant-on sandboxes per session, isolated execution, persistent memory and elastic scale. Think of it as the primitive for agents the way containers were for cloud-native apps.

Agentic development flows, whether in the IDE or in the command line, helps us write code faster than ever before, but that’s only one part of building software.

The GitHub Copilot app, now in preview, brings agentic development to a native desktop experience – and a much wider audience. Start from an idea, an existing issue or PR, orchestrate multiple agent sessions in parallel, and keep changes moving through review, CI and merge. Each session uses git worktrees, so work stays separated. Copilot handles execution, while developers say in control.

Developers can generate applications in seconds, but getting those apps into production still requires stitching together databases, APIs, authentication and infrastructure.

At the platform layer, Rayfin, now in preview, solves that. It brings a managed, backend-as-a-service to Microsoft Fabric, defined through GitHub-based workflows, so developers can move from prototype to production without managing infrastructure. Integration with Replit creates a fast path from prototype to enterprise-grade deployment with governance from day one. And as agentic applications scale, Azure HorizonDB delivers performance and reliability to meet your most demanding database requirements. It’s a fully managed PostgreSQL service on Azure that delivers more than 3x the throughput of comparable self-managed setups in internal testing.

The future belongs to builders

In the same way long-running agents have helped redefine software development and the role of the developer, new agents will help change research and development and what scientists can achieve.

Microsoft Discovery is generally available today. Built on Azure, it gives researchers an enterprise-grade agentic AI platform for the full science workflow. BHP is using it to find copper-leaching solutions in months instead of years. Syensqo is accelerating semiconductor R&D. GSK is iterating on drug discovery. Additionally, a free Discovery local app was announced for the broader scientific community. It is available in preview and only requires a GitHub Copilot account.

Finally, our next generation quantum computing chip Majorana 2 represents a giant step toward scale: an average qubit lifetime of 20 seconds with instances up to a minute, 1,000x higher reliability than our previous generation, and a path to one million qubits on a chip that fits in the palm of your hand. With the help of agentic AI, we will achieve a scalable quantum machine by 2029.

***

Platforms don’t shift on their own; developers build them forward. Today is about giving you more to build with.

These are just some of the announcements at Build. We’re excited to connect with those of you joining virtually and in person for keynotes, code deep dives, hack sessions and more. Many sessions will also be available on demand.

For the full set of news, visit the Microsoft Build Live blog.

Now, let’s build.

***

Footnotes:
1: measured via Surge our independent human rating partner
2: Based on the SWE Bench Pro Benchmark
3: Source: NVIDIA. Based on 1 Theoretical FP4 TOPS using the sparsity feature.

Related:
Check out our live blog, Microsoft Build Live

Read more about all the updates for developers

The post Microsoft Build 2026: Be yourself at work appeared first on The Official Microsoft Blog.

While the agentic shift has made development faster, it’s also led to disjointed workflows, more context switching, and too much time spent reviewing agent-generated code.

If agents are going to be a durable part of how software gets built, they need a real place in the developer workflow. Yet most developer tools were not designed for directing multiple agents in parallel. Context scatters across windows. You lose track of what’s running. Code lands in pull requests without a clear trail of what the agent tried, what it validated, or where human judgment is needed.

Get started with the GitHub Copilot app today using your existing Copilot Pro, Pro+, Business, or Enterprise plan. Learn more >

Across GitHub, developers are using agents to move from prompt to plan, from issue to pull request, from review feedback to merged code. As agentic workflows become the norm, repository creation, pull request activity, and API usage are all accelerating with no evidence of slowing down. On GitHub alone, commits nearly doubled year over year, crossing 1.4 billion per month, plus over 2 billion GitHub Actions minutes a week.

To meet this demand and continue to be the home for all developers (and now their agents), our focus is scaling our underlying systems and improving resilience and stability across all of our services, at every layer of the stack.

GitHub is building that system for the agentic frontier, and that’s what we’re showing today at Microsoft Build.

Copilot app: A control center for agent-native development

You start the day with three pieces of work already in motion. One agent is investigating a production bug. Another is implementing a backlog issue. A third is working through review feedback on a pull request. Each is running in its own isolated environment, producing changes you can inspect, redirect, test, and merge.

You need an environment that can keep up.

The new GitHub Copilot app is the agent-native desktop experience built on GitHub. From a single My Work view, you can see work in motion across connected repositories: active sessions, issues, pull requests, and background automations. The Copilot app is now available in technical preview for existing Copilot Pro, Pro+, Business, and Enterprise users.

The GitHub Copilot app is the latest in a line of AI tooling from GitHub that is transforming our business. Moving beyond AI assistance, the app has provided a much-needed control center for agentic development.

Our Forward Deployed Engineers can dispatch a cohort of agents and manage multiple initiatives, all from one location. Easy access to plans and autopilots with the ability to run interactive sessions or step into code where needed.

David Jobling | Master Technology Architect, Head of Technology & Delivery Futures, Global Solutioning & Delivery, Avanade Inc.

Every session runs in its own git worktree, a real, isolated copy of your branch. This helps parallel agent sessions work without stepping on each other. The app handles every worktree for you: no manual setup, no cleanup, no branch juggling. Whether you start from a prompt or an issue from your inbox, Copilot gets the context it needs from existing issues, pull requests, and the repos you’ve connected.

Then Agent Merge helps carry that pull request through review, checks, and merge. It monitors CI, tracks required reviewers, addresses failing checks, and waits for all conditions to be satisfied. You choose how far Copilot should go: drive CI back to green, address feedback, or merge when your conditions are met. You decide what automation is enabled and what ships.

Canvas: Where intent becomes inspectable work

Chat is powerful for instruction and ambiguity. But once an agent starts doing real work, a chat thread becomes a long scroll of decisions, logs, and corrections. You need a place where the work itself is visible.

Today, we’re also introducing canvases in the GitHub Copilot app. Canvases are bidirectional work surfaces for humans and agents. A canvas might show a plan, pull request, browser session, terminal, deployment, dashboard, or workflow state. Agents update the canvas as they work, and developers can edit, reorder, approve, or redirect that work on the same surface.

This is the beginning of agent experience (AX) in the Copilot app: interfaces where people and agents operate together. Chat is where you instruct, discuss, and reason through ambiguity. Canvases are where that intent becomes visible work you can inspect, steer, and verify.

Agents that can only suggest code leave you do a lot of the work. To be more effective, agents need to run code, inspect results, test changes, and iterate, without touching production.

Cloud and local sandboxes for GitHub Copilot give agents a bounded place to act. Choose where Copilot runs—on your local machine or in the cloud—and begin unlocking agent-driven workflows while prioritizing security and enterprise policy enforcement, and without local resource constraints.

With local sandboxing, Copilot runs in an isolated environment directly on your machine, with restricted access to filesystems, network connectivity, and system capabilities. Local sandbox policies can be centrally configured and enforced.

In the cloud, each sandbox runs in a fully isolated, ephemeral Linux environment hosted by GitHub. Organizations define their own policies. From the cloud, you can pick up Copilot sessions anywhere, on any device, with remote control.

Code review that scales with agentic output

As agents produce more pull requests, the pressure on code review compounds. Copilot code review brings an adaptable, agentic system to filter through the noise, allowing you to focus your energy where it matters most while Copilot conducts code reviews.

You can now extend Copilot so every review reflects your own standards, internal systems, and engineering context via custom agent skills, MCP server connections, and configurable actions workflows.

Copilot code review now offers medium tier review, which routes pull requests to a higher-reasoning model for better precision and recall. Admins can set guidelines for individual repositories to “low” or “medium.” This lets you assign lighter, cost-efficient models for low-risk code and save more robust model use for repos with higher impact.

The /security-review skill gives Copilot a dedicated path for security-focused evaluation. The /rubberduck skill is now generally available to use multiple model families to critique your implementation and find novel issues.

And if you’re working on Azure DevOps, you can now use Copilot code review natively. Get the same one-click review, inline comments, and committable fix suggestions you expect, and admins can enable code review on whichever repos they want.

One runtime for apps, tools, and agents

The same agentic capabilities work across the terminal, the cloud, and even your own tools, on the same foundation.

You can now build your own tools with the GitHub Copilot SDK. Now generally available in Node.js/TypeScript, Python, Go, .NET, Rust, and Java, it exposes the same agentic runtime that powers the Copilot app. If your team needs an internal code analysis tool, a custom release-notes generator, or an agent embedded in a support workflow, you build it on the same foundation instead of wiring together a bespoke stack. One runtime, many surfaces.

For developers who prefer to work in the terminal, Copilot CLI now has a redesigned interface, voice input, and scheduled tasks to keep you there.

Copilot CLI has a redesigned TUI in /experimental mode with tabbed access to pull requests, issues, and gists from the terminal. Voice mode uses on-device speech-to-text, so audio never leaves your machine. /every schedules recurring prompts and background tasks.

Cloud automations let agents run on a schedule, respond to GitHub events, open issues, and leave comments. By default, the cloud agent asks permission before each write action. Switch to autopilot once you have established trust.

Engineering doesn’t end with writing code. It includes filing the issue, kicking off the discussion, and replying to reviewers. Copilot cloud agent can now handle every one of those steps.

Memory++ and /chronicle give Copilot continuity across devices and over time. Query context from sessions started in the app, CLI, VS Code, or on GitHub.

Partner-built agent apps integrate with GitHub Copilot to help automate tasks, generate code, analyze context, and execute actions. Use your favorite tools without leaving GitHub. Assign issues to new agents that fit your workflow. Partners include LaunchDarkly, Bright, Amplitude, Sonar, Endor Labs, Octopus Deploy, Packfiles, PagerDuty, and Miro. Start using these agent apps today. And join the waitlist so your company can also bring its own agent apps to GitHub.

What we’re building toward

Professional software demands judgment, verification, and accountability. That is why the GitHub Copilot app, sandboxes, code review, automation, context, and partner ecosystem are coming together as one system: agents can do more of the work, while developers keep control of quality, policy, and delivery.

As agentic workflows grow across GitHub, from repository creation to pull request activity and API usage, the platform has to grow with them. We will continue to focus on availability first. We are committed to hardening these systems so agent-native development is fast, available, and reliable enough for teams to depend on every day.

GitHub is where that system lives, because it is already where the code, the reviews, the issues, and the teams are.

Let’s build.

The post GitHub Copilot app: The agent-native desktop experience appeared first on The GitHub Blog.

Today, developers and security teams are caught in growing tension. AI is accelerating development and introducing new issues around insecure code, opaque models, data exposure, and compliance. Add the challenges of shadow AI and tool sprawl and the result is a widening gap between innovation and control. As developers move faster, security teams struggle to keep up with visibility, governance, and oversight. The resulting friction across the development lifecycle is forcing a tradeoff between speed and safety that doesn’t need to exist. Security needs to move upstream to become part of how developers actually work: built into their day-to-day tools and connected to the tools security teams use.

At Microsoft Build 2026, we are announcing new security tools and capabilities to give developers clear guidance in real time, scale with the complexity of tasks, and provide security teams with a consistent view across the full lifecycle so innovation can move fast and securely without the business losing control. Learn more about our solutions to help secure your code, secure your agents, and secure your models.

Secure your code

Today’s headlines reflect the tension around the power of AI models and the potential threat they pose when used to find and exploit vulnerabilities. It is forcing a shift as security teams look for solutions to help them safely harness the power of these models. At the same time, developers want to use these same models to efficiently identify real, exploitable risk and remediate it within their flow of work. That’s why we developed the Microsoft Security multi-model agentic scanning harness (codename MDASH) and added native integration between Microsoft Defender and GitHub Code Security (part of the former GitHub Advanced Security suite) to help both security and developer teams identify and close gaps early.

Discover and validate exploitable vulnerabilities with codename MDASH

The new Microsoft Security multi-model agentic scanning harness (codename MDASH) is available in an expanded preview for eligible organizations and now includes integration with Microsoft Defender. This new agentic security system orchestrates a pipeline of more than 100 specialized AI agents using an ensemble of models to discover, validate, and prove exploitability across codebases written in popular programming languages.

This approach is unique in the industry. Our multi-model agentic scanning harness uses a configurable panel of models, ranging from state-of-the-art (SOTA) models as the heavy reasoners, to more cost-effective models for high-volume operations. This allows us to trade speed, recall, and cost, and minimize dependency on any specific model.

The combination of multiple models, hundreds of agents, and over 100 trillion signals a day helps identify real risk over theoretical noise, to help teams focus on what can be exploited. The strategic implication is clear: AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale, and the durable advantage lies in the agentic system around the model rather than any single model itself. MDASH recently jumped roughly 10% in less than three weeks to a new CyberGym industry benchmark score of 96.55%.

“At Accenture, we’re always looking toward the next frontier in protecting our clients and our enterprise. What Microsoft is building with MDASH reflects a meaningful shift from reactive, rule-based scanning to agentic systems that can reason across complex codebases like a skilled security researcher,” says Kris Burkhardt, Chief Information Security Officer at Accenture. Accenture is one of a select group of Security partners and Microsoft Intelligent Security Association (MISA) members that are engaged in the preview to shape MDASH and accelerate agentic AI vulnerability discovery.

Our partner engagements reflect a shared focus on moving from reactive detection to proactive identification of exploitable risk. “We’re seeing cyber threats evolve rapidly, with AI accelerating both the scale and sophistication of attacks. Microsoft’s investment in MDASH reflects a strong commitment to helping organizations stay ahead of this curve. Based on our early discussions and exposure to the innovation, we see strong potential for MDASH to simplify and strengthen SecOps, helping organizations operate with greater resilience and confidence,” says Morgan Adamski, Principal and Deputy Platform Leader of Cyber, Data, and Tech Risk at PwC US.

Together, we are partnering across the industry to use leading models paired with our platforms and expertise to deliver protection at scale. Together, we are partnering across the industry to use leading models paired with our platforms and expertise to deliver protection at scale. “We’re excited to work with Microsoft on MDASH because it addresses one of the most pressing challenges our customers face: reducing the time between discovering a vulnerability and taking meaningful action. Microsoft’s role as a trusted security vendor matters here—customers need innovation, but they also need confidence, governance, and a partner they can rely on. Our early experience with MDASH has been encouraging, and we see real opportunity for it to help organizations modernize how they approach vulnerability discovery and remediation,” says Jason Rader, Insight CISO.  

Reach out to your Microsoft account representative for more information on the expanded preview of codename MDASH.

Prioritize and remediate code vulnerabilities with Microsoft Defender and GitHub Code Security

While codename MDASH identifies and validates what’s truly exploitable, the integration between Microsoft Defender and GitHub Code Security (part of the former GitHub Advanced Security suite), now generally available, brings runtime context into development and security workflows so that teams can prioritize and address risks early minimizing the impact to human resources. Vulnerabilities discovered in code are automatically enriched with real production signals, such as internet exposure and data sensitivity to inform prioritization. Developers can then remediate issues using AI-assisted fixes that are generated, assigned, and validated through GitHub Copilot Autofix and the GitHub Copilot cloud agent.

To support responsible, coordinated disclosure of findings that represent both real and potential vulnerabilities, role-based access controls ensure that only authorized individuals can view and act on them. Together, the production signal enrichment, AI-assisted remediation, and secure handling of findings within a single workflow help security and developer teams focus on real risk and enable teams to act quickly.

Secure your agents

Agents are quickly becoming a new layer of the application stack. As developers build agents and move them into production, they need the tools to ship fast without sacrificing security, including built-in identity, governance, and safety testing. Security teams have overlapping needs: visibility into what’s running, control over what agents can access, and consistent governance across clouds and endpoints. Microsoft is delivering new solutions to help.

Build secure agents from day one

At Build 2026, Microsoft is introducing new capabilities to help developers build secure, enterprise-ready agents by default. With the general availability of the Agent 365 SDK, developers can integrate controls directly into their development workflows, bringing observability, access controls, and compliance enforcement into how agents are designed and deployed. This enables teams to build custom agents for any AI platform that are compliant, and enterprise-ready, and compose well with Agent 365.

Security extends beyond development and into how agents run. On Windows, the Microsoft Execution Container (MXC) SDK provides OS-level control over agent execution, giving developers and IT teams the ability to define containment and policy, applied by the OS through isolation technologies such as process and session isolation. Windows 365 for Agents, now generally available, enables you to run any agent in a fully isolated, policy-governed Cloud PC. Native Windows integration with Agent 365 provides a common foundation for observability, security, and governance, including built-in Intune capabilities to set policies that govern agent runtime execution and control how agents operate.

These new capabilities are now in early preview.

Observe, govern, and secure agents at scale with Agent 365—now including local agents

As agents proliferate across environments, gaining visibility and control over them becomes critical. Agent 365 introduces new capabilities to manage agent sprawl and risk, including an Agent 365 Agent Registry that surfaces unmanaged local agents discovered by Microsoft Defender, Microsoft Entra, and Microsoft Intune—all working together. The registry supports more than 20 types of local agents, including coding agents, AI desktop applications, and both local and remote Model Context Protocol (MCP) servers. From there, Intune policies can be used to block common execution methods for OpenClaw agents.

Security teams also need the ability to defend against emerging threats without slowing developer productivity. Microsoft Defender, Entra, and Intune work together to provide the visibility, runtime protections, and context needed to manage agent risk without slowing developer productivity. Defender enables analysts to investigate agent activity using advanced hunting and provides an exposure graph that helps teams understand how agents are connected across the network. Preview of these capabilities coming soon.

Protecting data is foundational to securing agents at scale. Microsoft Purview controls to prevent data exfiltration, Data Security Posture Management risk discovery, and agentic risk detection for coding agents Claude Code, GitHub Copilot, OpenAI Codex, and OpenClaw. This enables visibility on how local agents access sensitive data, runtime protections for risky prompts, and insights into unsafe agent behaviors. Microsoft Purview Audit also logs all agent activity for full traceability. Preview of these capabilities coming soon.

Trust agents with your data

Developers also need direct, real-time insight into data security posture and risk signals associated with the agents they build. With Purview data risk signals embedded in the Foundry Control Plane, generally available, these signals provide guidance to developers on where to enforce protections before sensitive data is exposed. For example, Purview flags in real time when an agent surfaces sensitive financial data during testing and guides developers to mask or restrict access before deployment.

To further reduce risk, Purview introduces runtime data loss prevention (DLP) for agent prompts in Foundry, in preview with Agent 365. This capability detects, blocks, and audits sensitive data before it is processed by the agent, ensuring that sensitive information never reaches AI models.

Secure your models

Before AI reaches production, teams need to verify that the models they depend on are safe. Now developers can inspect model artifacts, whether platform-native or bring-your-own, with Defender AI model scanning, in preview. To help close gaps early model Defender AI model scanning detects and blocks potentially vulnerable or compromised models across registries, workspaces, and CI/CD pipelines to verify model integrity before deployment.

Trust starts with security

There should never be a choice between innovation and safety.

The capabilities announced today span the full development lifecycle: discovering what’s exploitable, governing what’s running, protecting the data AI depends on, and verifying that agents behave as intended before they reach production. Microsoft security is embedded directly into the platforms and workflows developers already use, supporting innovation across Microsoft Foundry, Copilot Studio, GitHub, and open-source frameworks, and bringing discovery and governance to shadow AI.

But real progress in AI depends on more than breakthrough capabilities—it depends on whether organizations can trust the systems they are building and deploying. That is the common thread across the innovations announced at Build 2026 and the principle guiding our approach. Because the future of AI will belong not just to those who move fastest, but to those who can innovate with trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. To learn more about how security is built into the Windows platform, explore the Windows Security book and Windows Server Security book.

The post Microsoft Build 2026: Securing code, agents, and models across the development lifecycle appeared first on Microsoft Security Blog.

---