Microsoft first revealed it was building an Xbox mobile gaming store to take on Apple and Google all the way back in 2022. Former Xbox president Sarah Bond even went on stage at a Bloomberg event nearly two years ago and promised the store would launch in July, 2024. Now, it looks like Microsoft has put the project on hold.
Better xCloud developer redphx noticed that the store URL Microsoft had been testing for the past couple of years no longer works. It's not clear exactly when it disappeared, but the last time the website was updated was nearly a year ago.
The store was originally supposed to compete with Google and Apple, but strict ap …
Recent advances in AI model capabilities are changing how vulnerabilities are discovered and exploited. AI models can autonomously discover weaknesses, chain multiple lower-severity issues into working end-to-end exploits, and produce working proof-of-concept code. This significantly compresses the window between vulnerability discovery and exploitation.
These changes require organizations to rethink exposure, response, and risk. However, the same capabilities that can give attackers an advantage also create a unique opportunity for defenders. When applied correctly, they can accelerate vulnerability discovery, improve detection engineering, and reduce time to mitigation. We look forward to working together as an industry to use these AI model capabilities as part of enterprise-grade solutions to tilt the balance in favor of defenders.
Partnering with leading model providers
Security has been and remains the top priority at Microsoft. Over the last two years, through our Secure Future Initiative (SFI), we have strengthened our security foundations for this age of AI, in part by using AI to accelerate vulnerability discovery and remediation and help defend against threats. We have also invested in fundamental AI for security research, including the development of open-source industry benchmarks that can be used to evaluate whether models are ready for real-world security work.
As we move forward, we are accelerating this work and partnering with the industry to use leading models, paired with our platforms and expertise, to turn AI-driven discovery into protection at scale.
Through Project Glasswing, Microsoft is working closely with Anthropic and industry partners to test Claude Mythos Preview, identify and mitigate vulnerabilities earlier, and coordinate defensive response. We evaluated Mythos using CTI-REALM, our open-source benchmark for real-world detection engineering tasks, and the results showed substantial improvements relative to prior models.
Microsoft is also evaluating other models. As part of our overall security approach, we continuously evaluate models from multiple providers as they are made available and integrate them into our enterprise-grade security platform. This multi-model approach is intentional as no single model defines our strategy.
Taking action in three fundamental areas
Defenders need to move faster to keep pace with AI-driven threats. We are focusing on three areas to help customers reduce risk and improve resilience.
1. AI-led vulnerability discovery and mitigations to stay current on software
We plan to incorporate advanced AI models, like Claude Mythos Preview, directly into our Security Development Lifecycle (SDL) to identify vulnerabilities and develop mitigations and updates. This allows us to discover more issues more quickly across a broader surface area than previous methods and address them earlier in the lifecycle.
AI-assisted discoveries are handled through our existing Microsoft Security Response Center (MSRC) processes, including Update Tuesday—our predictable and systematic way of distributing updates to customers—and out-of-band updates, where appropriate. Customers using Microsoft platform as a service (PaaS) and software as a service (SaaS) cloud services do not need to take any action; mitigations and updates are applied automatically. For customers who deploy Microsoft products on their own infrastructure, whether on-premises or self-hosted, staying current on all security updates is now not only the best practice; it is a fundamental requirement for staying secure against AI exposure.
We will deploy detections to Microsoft Defender, our threat protection solution, when updates are released and share details through the Microsoft Active Protections Program (MAPP) partners to help mitigate risk. We are also using advanced AI models to proactively scan select open-source codebases. Identified issues will be addressed through coordinated vulnerability disclosure.
2. AI-ready posture to reduce exposure
Patching, while critical, is not sufficient on its own. We have identified the five dimensions where autonomous AIdriven attacks gain disproportionate advantage—patching, open-source software, customer source code, internet-facing assets, and baseline security hygiene.
Others in the industry have shared guidance and rightly emphasized the importance of continuous asset discovery and posture management. We are delivering an integrated experience through a new Microsoft Security Exposure Management blade—Secure Now—that combines guidance with the ability to act, so customers proactively reduce their exposure. Secure Now is available today at https://security.microsoft.com/securenow
3. AI-powered solutions to defend at scale
Beyond plans to use advanced AI models directly into our Security Development Lifecycle (SDL), we are separately building new solutions to help customers leverage advanced AI models to improve their security at enterprise scale.
Rapidly deployed Defender detections developed for AI-discovered vulnerabilities, sim-shipping with corresponding updates to help mitigate risk immediately.
We have learned through our own testing that model capability to discover potential vulnerabilities is only the beginning. Organizations must also be able to use AI to validate and prioritize based on exploitability and impact, and build the fix. To help we plan to productize a new multi-model AI-driven scanning harness developed internally and make it available to customers to streamline their experience and deliver outcomes more quickly. This solution is expected to be available in preview in June 2026.
Our goal is to ensure findings are actionable. While models are powerful on their own, without prioritization and context, large volumes of results can overwhelm development teams. These new solutions are designed to pair model output with the context and security solutions needed for enterprises to drive security effectiveness at scale.
Get started today
Customers can get started now by reviewing the guidance at https://security.microsoft.com/securenow. Any customer with a Microsoft Entra ID will be able to access the guidance. In addition, Microsoft Security customers will have access to capabilities that enable them to assess their exposure and take action.
We have also mobilized our Customer Success organization to support customers in implementing this guidance.
What’s ahead
This work is ongoing. We will continue to share updates as testing progresses, new models emerge, and new guidance and solutions become available. The threat landscape will continue to evolve, but so will our defenses—and we are committed to ensuring that our customers have the tools, guidance, and partnership they need to stay ahead.
Security is a team sport. The organizations that act on this shift—by staying current on patches, reducing exposure, and leveraging AI-powered security solutions—will be significantly harder to compromise than those that do not. The time to act is now and we look forward to partnering with the industry to build a safer world for all.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
It converts typographic symbols like ' to opening or closing quotes (' or ').
So, I can skip several HTML tags — like <p>, <strong>, <em>, <ul>, <ol>, <li>, and <a>. I can also skip heading tags if I don’t need to add classes to them.
<div class="card">
<!-- prettier-ignore -->
<Markdown>
## Card Title
This is a paragraph with **strong** and *italic* text.
This is the second paragraph with a [link](https://link-somewhere.com)
- List
- Of
- Items
</Markdown>
</div>
Notice the prettier-ignore comment? It tells prettier not to format the contents within the <Markdown> block so Prettier won’t mess up my Markdown content.
The HTML output will be as follows:
<div class="card">
<h2> Card Title </h2>
<p>This is a paragraph with <strong>strong</strong> and <em>italic</em> text.</p>
<p>This is the second paragraph with a <a href="https://link-somewhere.com">link</a></p>
<ul>
<li> List </li>
<li> Of </li>
<li> Items </li>
</ul>
</div>
You can write your Markdown naturally, as if you’re writing content normally. This Markdown component detects the indentation and outputs the correct values (without wrapping them in <pre> and <code> tags).
<div>
<div>
<!-- prettier-ignore -->
<Markdown>
This is a paragraph
This is a second paragraph
</Markdown>
</div>
</div>
Here’s the output:
<div>
<div>
<p>This is a paragraph</p>
<p>This is a second paragraph</p>
</div>
</div>
Inline Option
There’s an inline option that tells the <Markdown> component not to generate paragraph tags.
<h2 class="max-w-[12em]">
<Markdown inline> Ain't this cool? </Markdown>
</h2>
Here’s the output:
<h2 class="max-w-[12em]">
Ain't this cool?
</h2>
Gotchas and Caveats
Prettier messes up the <!-- prettier-ignore --> block if you have unicode characters like emojis and em dashes anywhere before the block.
Here’s the original code:
<!-- prettier-ignore -->
<Markdown>
Markdown block that contains Unicode characters 🤗
</Markdown>
<!-- prettier-ignore -->
<Markdown>
Second Markdown block.
</Markdown>
Here’s what it looks like after saving:
<!-- prettier-ignore -->
<Markdown>
Markdown block that contains unicode characters 🤗
</Markdown>
<!-- prettier-ignore -->
<Markdown>
Second Markdown block.
</Markdown>
Unfortunately, we can’t do much about emojis because the issue stems from Prettier’s formatter.
But, we can use en and em dashes by writing -- and ---, respectively.
Content Workaround
You can prevent Prettier from breaking all those <!-- prettier-ignore --> comments by not using them!
To do this, you just put your content inside a content property. No need to worry about whitespace as well — that’s taken care of for you.
<Markdown content=`
This is a paragraph
This is another paragraph
`/>
Personally, I think it doesn’t look at nice as slot version above…
But it lets you use markdown directly with any JS or json content you load!
---
const content = `
This is a paragraph
This is another paragraph
`
---
<Markdown {content} />
Taking it Further
I’ve been building with Astro for 3+ years, and I kept running into the same friction points on content-heavy sites: blog pages, tag pages, pagination, and folder structures that get messy over time.
So I built Practical Astro: Content Systems — 7 ready-to-use solutions for Astro content workflows (MDX is just one of them). You get both the code and the thinking behind it.
If you want a cleaner, calmer content workflow, check it out.
I also write about Astro Patterns and Using Tailwind + CSS together on my blog. Come by and say hi!
Roo Code, an open source AI coding tool built for VS Code, has announced that it’s shutting down its VS Code extension, Cloud, and Router services on May 15, as the team shifts away from IDE-based development toward autonomous agents that run tasks end-to-end outside the editor.
In tandem, the company also introduced Roomote, a cloud-based coding agent that runs tasks end-to-end across tools such as Slack, GitHub, and Linear, producing ready-to-review outputs for developers to inspect and refine.
Roomote in action
Matt Rubens, Roo Code CEO and co-founder, writes in an X post this week that his own internal team was already moving away from using Roo Code inside the IDE, instead running it in remote cloud environments where agents could take on multiple tasks in parallel without direct oversight. These agents would open fixes, run the application, and verify their own output before handing off completed work for review.
At that point, much of the development work was happening outside the IDE, with engineers stepping in after the fact. And that effectively meant entire chunks of routine engineering work were being completed without direct involvement from developers.
“If the agent can create a good PR [pull request] from a single prompt, the interaction model changes completely – you let go of the IDE and focus on driving things end-to-end,” Rubens said. “The agent doesn’t just help engineers – it wipes entire types of work off their plate and delivers something nobody has to clean up.”
A fork in the road
Roo Code, for the uninitiated, emerged in late 2024 as a fork of Cline, an earlier open source AI coding agent. While many forks appeared off the back of Cline, Roo Code set itself apart in several ways, including features that gave agents more autonomy to act on a developer’s behalf.
That approach helped it gain traction quickly, building an active contributor base and reaching around 3 million installs. Roo Code also fed improvements back upstream, with Cline founder and CEO Saoud Rizwan writing on Reddit on Tuesday that it had “contributed to Cline more than anyone else” among the various forks.
“Since Cline went open source, we’ve seen countless forks — small startups to some of the largest enterprises,” Rizwan writes. “Some forks didn’t give us credit, some bought malicious ads in our Subreddit, but Roo was a good fork. They innovated, built an incredible community, and contributed to Cline more than anyone else.”
Roo Code’s trajectory also reflects how open source projects evolve through forks and shared contributions, with different teams building on the same base while competing for users. Its imminent shutdown has already prompted other projects to move in and capture that community.
“Kilo started as a fork of Roo — we’ve been contributing back upstream since our inception, and a lot of what Kilo does well today started with the work Roo shipped first,” Turcotte wrote.
However, with the folks at Roo Code proclaiming that it “doesn’t believe IDEs are the future of coding,” Turcotte countered that view.
“The IDE is not over — far from it, actually.”
“The IDE is not over — far from it, actually,” he contends. “Every independent developer, every engineering team, every enterprise shipping production software still lives in an editor for most of their working hours. That’s not going away, and the quality of the agent sitting next to them in that environment matters enormously.”
Still, the idea that the IDE is becoming a second-class citizen isn’t exactly a novel concept, as developers spend less time writing code line by line and more time assigning and reviewing work produced by agents. In that model, the editor remains in use, but increasingly as a place to inspect and verify outputs while much of the work happens elsewhere.
This broader pattern is also reflected in recent product moves. Cursor’s latest release shifts its interface toward an agent management console, enabling developers to manage parallel tasks and long-running jobs across local and cloud environments.
Roomote control
Roo Code’s shutdown will be final come May 15, 2026, with any unused balances tied to its paid services refunded. Users relying on the extension are being directed toward alternatives such as Cline.
Rather than assisting developers step by step in an IDE, Roomote — currently on a waiting list — is designed to take a prompt and carry out tasks end-to-end, integrating with tools such as Slack, GitHub, and Linear to generate pull requests, fixes, and feature updates. It also runs the generated code and verifies the results before handing the work back for review.
Roomote
It’s worth noting that Roo Code already offered cloud-based agents in the form of Roo Code Cloud that could operate across tools such as Slack, GitHub, and Linear, allowing teams to delegate tasks outside the editor. However, those capabilities were part of a broader product suite built around its extension and supporting services. Roomote replaces that with a standalone system where the agent itself becomes the main interface, removing the need to manage multiple tools and shifting more of the development process into a single, prompt-driven environment.
Roomote also continues to be one of Roo Code’s core selling points: a model-agnostic setup that allows the agent to switch between providers depending on the task. That mirrors a broader trend across an array of open source coding agents such as OpenCode, Cline, and Kilo Code, which sit above the model layer and offer greater flexibility in how developers access and use different models.
Roo Code’s transition comes as the tools and competition in the space have rapidly evolved, with new interfaces emerging, models improving, and rival projects iterating in parallel. Rubens said this made it clear the company was focusing on an approach that no longer aligned with where development was heading.
“We made the call [to sunset Roo Code] not because Roo Code failed, but because the world it served would cease to exist,” Rubens said. “We’re letting it go because we’re already all-in on what comes next.”
Google Cloud has introduced the Agents CLI, a specialized tool designed to bridge the gap between local development and production-grade AI agent deployment. The CLI provides coding assistants with machine-readable access to the full Google Cloud stack, reducing context overload and token waste during the scaffolding process. By streamlining evaluation, infrastructure provisioning, and deployment into a single programmatic backbone, the tool enables developers to move from initial concept to a live service in hours rather than weeks.
Log in
We’re announcing the general availability of Gemini Embedding 2 via the Gemini API and Vertex AI.
