The order creates a Justice Department task force to challenge state AI laws and directs the Commerce Department to pull future broadband funding from states that pass “onerous” legislation.

GitHub Actions has grown massively since its release in 2018; in 2025 alone, developers used 11.5 billion GitHub Actions minutes in public and open source projects, up 35% year over year from 2024. At the same time, this has not been without its growing pains, and you’ve made clear to  us what improvements matter most: faster builds, improved security, better caching, more workflow flexibility, and rock-solid reliability. 

Meeting that level of demand first required a deliberate investment in re-architecting the core backend services powering every GitHub Actions job and runner. This was a substantial effort that laid the foundation for the long-term performance, scalability, and feature delivery you’ve been asking for. That new architecture is rolled out, powering 71 million jobs per day and giving us deeper visibility into developer experience across the platform. 

With that work behind us, we shift our attention back to your top requests for much needed, long-standing quality-of-life improvements. Below, we’ll walk through what we’ve shipped this year, how you can get started with these upgrades today, and what’s coming in 2026. 

Let’s jump in. 

Rebuilding the core of GitHub Actions

In early 2024, the GitHub Actions team faced a problem. The platform was running about 23 million jobs per day, but month-over-month growth made one thing clear: our existing architecture couldn’t reliably support our growth curve. In order to increase feature velocity, we first needed to improve reliability and modernize the legacy frameworks that supported GitHub Actions.

The solution? Re-architect the core backend services powering GitHub Actions jobs and runners. Our goals were to improve uptime and resilience against infrastructure issues, improve performance and reduce internal throttles, and leverage GitHub’s broader platform investments and developer experience improvements. We aimed to scale 10x over existing usage. This effort was a big bet and consumed a significant part of our team’s focus. And the work is paying off by helping us handle our current scale, even as we work through the last pieces of stabilizing our new platform.

Since August, all GitHub Actions jobs have run on our new architecture, which handles 71 million jobs per day (over 3x from where we started). Individual enterprises are able to start 7x more jobs per minute than our previous architecture could support. 

This was not without its share of pain; it slowed the pace of feature work and delayed progress on long-standing community requests. We knew this would be a tough call, but it was a critical decision to enable our future roadmap and sustainability as a product.

Shifting our focus back to community-requested improvements

We acknowledge we still have a ways to go, and this is just the beginning of this new chapter of the GitHub Actions story. As we shift our focus back to much-needed improvements, we want to call out some of the most recent ships on this front:

YAML anchors reduce duplication in complex workflows

First up, we shipped support for YAML anchors, one of the most requested features across both the runners and community repositories. YAML anchors reduce repetitive configuration in GitHub Actions workflows by letting you define settings once with an anchor (&) and reference them elsewhere with an alias (*). This allows you to maintain consistent environment variables, step configurations, or entire job setups across your workflows—all defined centrally rather than repeated across multiple jobs.

💡 Read our Docs to learn more about YAML anchors and aliases

Non-public workflow templates for consistent CI across teams

We released non-public workflow templates, a longstanding request from organizations that want consistent, private workflow scaffolding.  

Non-public workflow templates let organizations set up common templates for their teams directly in their .github repository, giving developers a reliable starting point when spinning up new workflows. Instead of manually copying CI patterns across repositories, teams can now work from a shared set of patterns.

💡 Read our Docs to learn more about workflow templates 

Deeper reusable workflows for modular, large-scale pipelines

We shipped increases to reusable workflow depth (another key request from the community).  Reusable workflows let you break your automation into modular, shareable pieces. With the updated limits now supporting 10 levels of nesting and 50 workflow calls per run, teams now have more flexibility to structure their CI/CD pipelines in a way that’s maintainable and scales with their architectural requirements.

💡 Read our Docs to learn more about reusable workflows

Larger caches for bigger projects and dependency-heavy builds

Repositories can now exceed the previous 10GB cache limit, removing a long-standing pain point for teams with large dependencies or multi-language monorepos.

For teams with larger codebases or complex build pipelines, the old 10GB GitHub Actions cache limit often meant build dependencies were evicted before they could speed up your next workflow run, leading to repeated downloads and slower builds. This release was only possible due to our architecture rework and fulfills a request from the community, particularly among some of our largest users.

💡 Read our Docs to learn more about managing cache storage

More workflow dispatch inputs for richer automation

In early December, we shipped an increase to the number of workflow dispatch inputs from 10 to 25, which also came up in our community discussions. Now developers have more flexibility to build sophisticated self-service workflows, whether teams are parameterizing deployments, configuring test runs, or building reusable automation with richer input options.

💡 Read our docs to learn more about manually running a workflow with workflow_dispatch

More performance and platform improvements shipped in 2025

We also made progress on the strong foundation laid earlier this year, including arm64-hosted runners for public repositories, macOS 15 and Windows 2025 images (now generally available), Actions Performance Metrics (also generally available), and Custom Image support in public preview.

These releases are designed to improve day-to-day workflow quality and remove long-standing friction.

What’s coming in early 2026

This is just the beginning as there is much we need to do to deliver an even better experience with GitHub Actions. Here’s what we’re planning for the first quarter of 2026, influenced by some of the top requests from our community:

1. Support for timezones in scheduled jobs and updates to schedule reliability.
2. Return the run ID from workflow dispatch.
3. Adding a case function for expressions so they have a conditional operator or function.
4. UX improvements, including faster page load times, better rendering for workflows with over 300 jobs, and a filter for the jobs list. 

Moreover, we’ll start work on parallel steps, one of the most requested features across GitHub Actions. Our goal is to ship it before mid-2026. Lastly, we are going to raise the bar and start to address some of the asks to lift quality in our open source repositories—we appreciate we need to drive up the quality of our experience here as well. 

Help us shape the 2026 roadmap for GitHub Actions

GitHub Actions is one of the most important primitives on GitHub. It powers the builds, tests, deployments, automations, and release processes that define how software ships today. 

Our promise to you: 2026 will bring more consistent releases, more transparency, and continued focus on the fundamentals that matter most. We are also increasing funding towards this area to enable us to meet your expectations faster than before.

And this is where we need your help to make sure we’re focusing on the quality-of-life improvements that matter the most. We need your feedback. To support our work:

1. Keep voting for your most important items in the community discussions.
2. Join us in our new community discussion post, where the GitHub Actions product and engineering leads will be actively discussing with you what comes next. 
3. Help us drive a plan for next year to make actions the best it can be.

We know GitHub Actions powers how developers build software, and the best version is the one we’ll build together. And as always, you can keep up to date with the GitHub Actions releases through the GitHub Changelog. 

The post Let’s talk about GitHub Actions appeared first on The GitHub Blog.

In the latest edition of our Cyberattack Series, we dive into a real-world case of fake employees. Cybercriminals are no longer just breaking into networks—they’re gaining access by posing as legitimate employees. This form of cyberattack involves operatives posing as legitimate remote hires, slipping past human resources checks and onboarding processes to gain trusted access. Once inside, they exploit corporate systems to steal sensitive data, deploy malicious tools, and funnel profits to state-sponsored programs. In this blog, we unpack how this cyberattack unfolded, the tactics employed, and how Microsoft Incident Response—the Detection and Response Team (DART)—swiftly stepped in with forensic insights and actionable guidance. Download the full report to learn more.

Insight
Recent Gartner research reveals surveyed employers report they are increasingly concerned about candidate fraud. Gartner predicts that by 2028, one in four candidate profiles worldwide will be fake, with possible security repercussions far beyond simply making “a bad hire.”¹

What happened?

What began as a routine onboarding turned into a covert operation. In this case, four compromised user accounts were discovered connecting PiKVM devices to employer-issued workstations—hardware that enables full remote control as if the threat actor were physically present. This allowed unknown third parties to bypass normal access controls and extract sensitive data directly from the network. With support from Microsoft Threat Intelligence, we quickly traced the activity to the North Korean remote IT workforce known as Jasper Sleet.

 
TACTIC
PiKVM devices—low-cost, hardware-based remote access tools—were utilized as egress channels. These devices allowed threat actors to maintain persistent, out-of-band access to systems, bypassing traditional endpoint detection and response (EDR) controls. In one case, an identity linked to Jasper Sleet authenticated into the environment through PiKVM, enabling covert data exfiltration.

DART quickly pivoted from proactive threat hunting to full-scale investigation, leveraging numerous specialized tools and techniques. These included, but were not limited to, Cosmic and Arctic for Azure and Active Directory analysis, Fennec for forensic evidence collection across multiple operating system platforms, and telemetry from Microsoft Entra ID protection and Microsoft Defender solutions for endpoint, identity, and cloud apps. Together, these tools and capabilities helped trace the intrusion, contain the threat, and restore operational integrity.

How did Microsoft respond?

Once the scope of the compromise was clear, DART acted immediately to contain and disrupt the cyberattack. The team disabled compromised accounts, restored affected devices to clean backups, and analyzed Unified Audit Logs—a feature of Microsoft 365 within the Microsoft Purview Compliance Manager portal—to trace the threat actor’s movements. Advanced detection tools, including Microsoft Defender for Identity and Microsoft Defender for Endpoint, were deployed to uncover lateral movement and credential misuse. To blunt the broader campaign, Microsoft also suspended thousands of accounts linked to North Korean IT operatives.

What can customers do to strengthen their defenses?

This cyberthreat is challenging, but it’s not insurmountable. By combining strong security operations center (SOC) practices with insider risk strategies, companies can close the gaps that threat actors exploit. Many organizations start by improving visibility through Microsoft 365 Defender and Unified Audit Log integration and protecting sensitive data with Microsoft Purview Data Loss Prevention policies. Additionally, Microsoft Purview Insider Risk Management can help organizations identify risky behaviors before they escalate, while strict pre-employment vetting and enforcing the principle of least privilege reduce exposure from the start. Finally, monitor for unapproved IT tools like PiKVM devices and stay informed through the Threat Analytics dashboard in Microsoft Defender. These cybersecurity practices and real-world strategies, paired with proactive alert management, can give your defenders the confidence to detect, disrupt, and prevent similar attacks.

What is the Cyberattack Series?

In our Cyberattack Series, customers discover how DART investigates unique and notable attacks. For each cyberattack story, we share:

• How the cyberattack happened.
• How the breach was discovered.
• Microsoft’s investigation and eviction of the threat actor.
• Strategies to avoid similar cyberattacks.

DART is made up of highly skilled investigators, researchers, engineers, and analysts who specialize in handling global security incidents. We’re here for customers with dedicated experts to work with you before, during, and after a cybersecurity incident.

Learn more

To learn more about DART capabilities, please visit our website, or reach out to your Microsoft account manager or Premier Support contact. To learn more about the cybersecurity incidents described above, including more insights and information on how to protect your own organization, download the full report.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

---

¹AI Fuels Mistrust Between Employers and Job Candidates; Recruiters Worry About Fraud, Candidates Fear Bias

The post Imposter for hire: How fake people can gain very real access appeared first on Microsoft Security Blog.

The 300-person startup hopes bringing designers aboard will give it an edge in an increasingly competitive AI software market.

AI yells at voice agents so you don't have to.

Igniting what’s next: What software development companies need to know about Microsoft’s AI announcements at Ignite 2025

The AI landscape took a major leap forward at Microsoft Ignite 2025, and for software development companies and digital natives, the announcements represent a massive opportunity: faster innovation, simplified agent development, access to enterprise‑ready AI platforms, and a dramatically expanded ecosystem to build on.

This year, Microsoft introduced the era of agentic AI—and software companies are at the center of this shift.

Ignite 2025 formally unveiled Microsoft Foundry, our unified platform for building, governing, and scaling intelligent agents. From new agent runtimes to multi‑agent orchestration, enterprise‑grade knowledge access, and one‑click publishing to Microsoft 365, the momentum creates one clear signal:
💡 AI assistants are becoming intelligent agents—and Foundry is the platform software companies will use to build them.

Why Microsoft Ignite 2025 mattered for software companies

Across every session, Microsoft doubled down on helping partners accelerate time‑to‑market with agentic AI solutions. Whether you’re building vertical apps, automation copilots, knowledge systems, or developer tools, the new capabilities in Foundry eliminate much of the heavy lifting associated with retrieval, orchestration, compliance, hosting, and model selection.

Key themes this year from Azure AI:

• Unified agent platform across all Microsoft clouds
• Framework‑agnostic development (bring your own models, tools, or frameworks)
• Enterprise‑grade governance built into the lifecycle
• Open ecosystem and interoperability using MCP, A2A, OpenAPI
• Seamless distribution through Microsoft 365 and Teams

Let’s break down what’s new—and what it means for your product strategy.

Top announcements for software companies at Ignite 2025

Microsoft Foundry: A unified brand for AI agent development

Azure AI Foundry is now Microsoft Foundry—a consolidated platform for building, deploying, and managing intelligent agents.

For software companies, this means:

• One consistent developer experience
• Shared governance and compliance across products
• A more integrated ecosystem for publishing and distributing agentic solutions

This rebrand isn’t cosmetic—it reflects Microsoft’s strategic shift to deliver a platform built explicitly for the next generation of AI agents.

 

Introducing Foundry IQ: Your enterprise knowledge engine

One of the most exciting announcements is Foundry IQ, a new engine that gives agents instant access to enterprise data from SharePoint, OneLake, ADLS, and the web, all governed by Purview.

For software companies, this unlocks:

• Reliable, production‑grade knowledge retrieval without building RAG pipelines
• Consistent compliance and security models
• Faster customer onboarding with fewer integration gaps

Foundry IQ is a game‑changer for teams who have spent months building retrieval layers or maintaining custom RAG components.

 

Foundry Control Plane: Unified governance for all agents

Now in public preview, the Foundry Control Plane enables teams to manage agents across frameworks, clouds, and environments.

Highlights:

• Unified visibility and observability
• Built‑in security & compliance (Defender, Purview)
• Fleet‑wide monitoring for cost, health, and risk

For software companies offering multi‑tenant solutions or operating in regulated industries, this dramatically simplifies the operational burden of managing AI agents.

 

Agent Framework (public preview): SK + AutoGen, Unified

The Microsoft Agent Framework, now in public preview, merges the strengths of Semantic Kernel and AutoGen into a single SDK for building durable, interoperable agents.

Software companies gain:

• A consistent programming model
• Durable memory
• Strong interoperability with MCP, A2A, OpenAPI
• Framework‑agnostic design

This is the developer foundation for future AI applications built on Microsoft clouds.

 

Hosted Agents: Enterprise‑grade runtime, no infrastructure needed

With Hosted Agents, teams can deploy custom‑code agents directly into a fully managed runtime—no containers, pipelines, or infra setup.

What this enables for software companies:

• Faster deployment cycles
• Secure, autoscaling environments
• Simple onboarding for customer‑specific agents
• Observability and monitoring built in

This drastically reduces the operational overhead many software companies face today.

 

Multi‑agent workflows & connected intelligence

Ignite 2025 introduced major advancements in multi‑agent orchestration:

• Built‑in memory across sessions
• A catalog of 1,000+ Microsoft & partner tools (with private catalogs for software companies)
• Visual and programmatic orchestration tools
• Enterprise‑ready coordination for long‑running workflows
• Foundry IQ for instant knowledge access

This allows software companies to design more autonomous, intelligent, and interconnected systems—moving beyond assistants toward true digital workers.

 

Model Router GA + Anthropic partnership expansion

There are two major updates for model flexibility:

Model Router GA

Now supporting 11,000+ models, the router helps developers intelligently choose the best model for each task, optimizing both cost and performance.

Anthropic Claude models in Foundry

Claude Sonnet 4.5, Opus 4.1, and Haiku 4.5 are now integrated into Microsoft Foundry through an expanded partnership with Anthropic.

This gives software companies more choice, capability, and model‑agnostic development paths.

 

One‑click publishing to Microsoft 365 & Teams

One of the biggest wins for software companies: Agents built in Foundry can now be published to Microsoft 365 and Teams Chat with one click.

This means:

• Access to hundreds of millions of users
• Unified governance through Microsoft Admin Center
• Seamless integration with Copilot experiences

For software companies, this is a massive new distribution channel.

Why this matters for software development companies

Ignite 2025 didn’t just introduce new products—it signaled a platform shift.

software companies now have:

1. A full-stack platform for agentic applications - From data access to orchestration, hosting, deployment, and compliance.

2.  A unified runtime and SDK - Reducing fragmentation and speeding up development cycles.

3.  Enterprise reach through Microsoft 365 - Making your agents as discoverable as apps.

4.  A rapidly expanding ecosystem - More models, more tools, more integration points.

If you’re building AI-powered products, this is your moment.

Get hands-on: Sessions & resources for software companies

Here are links to top Ignite sessions to dive deeper.

• Build & Manage AI Apps with Your Agent Factory
• AI Agents in Azure AI Foundry: Ship Fast, Scale Fearlessly
• AI‑Powered Automation & Multi‑Agent Orchestration
• Agent Developer Guide for Foundry Agent Service
• The Future of RAG with Agentic Retrieval & AI Search

What’s next: December Foundry Council Session

Join us on Dec 18 for the Ignite Recap session through the Foundry Partner Council. It’s the best opportunity for software companies to:

• Get deeper into the new capabilities
• Share partner/DN feedback
• Join focus groups

 

For more information about the December 18 session, contact foundrycouncil@microsoft.com or visit aka.ms/foundrycouncil