Microsoft Wants to Put AI Agents on a Short Leash
Why It Matters
By providing granular runtime controls and integrated vulnerability scanning, Microsoft gives enterprises a practical way to mitigate the emerging security risks of autonomous coding agents, protecting codebases and regulatory compliance.
Key Takeaways
- MXC provides a policy‑driven sandbox for AI agents on Windows, Linux and macOS.
- MDASH leverages 100+ AI agents to scan code for vulnerabilities.
- Agent 365 SDK and Windows 365 for Agents enable managed agent workspaces.
- Open‑source ASSERT and ACS set standards for agent behavior governance.
- Integration with Defender, Entra and Intune extends security controls to agents.
Pulse Analysis
Enterprises are rapidly embedding generative AI agents into their development pipelines to speed up coding, testing and deployment. While these agents can write, modify, and execute code autonomously, they also introduce new attack surfaces—unintended file access, secret leakage, and rogue network calls. Microsoft’s new Execution Container (MXC) tackles this problem by offering a sandboxed runtime that enforces JSON‑defined policies across Windows, Linux and macOS. Developers can explicitly whitelist files, network endpoints, credentials and other resources, ensuring that an agent’s actions remain within a pre‑approved perimeter and reducing the risk of supply‑chain compromise.
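To make the "pre‑approved perimeter" idea concrete, here is an added example (not Microsoft's code, and the JSON shape is an assumption rather than MXC's real schema) of a default‑deny policy check over the three resource classes the paragraph names: files, network endpoints and credentials. The sample policy and agent actions are constructed; the two edge cases worth noticing are the `..` path traversal and the look‑alike hostname, both of which a naive prefix match would let through.

```python
import json
import posixpath
from urllib.parse import urlsplit

# Constructed policy in a hypothetical JSON shape (assumption: not MXC's real schema).
# Anything not listed is denied: the "pre-approved perimeter" the page describes.
POLICY_JSON = """{"files": {"read": ["/work/repo"], "write": ["/work/repo/src"]},
  "network": ["api.github.com:443", "pypi.org:443"], "credentials": ["GITHUB_TOKEN"]}"""
POLICY = json.loads(POLICY_JSON)

def file_allowed(policy, mode, path):
    # Normalise first: "/work/repo/src/../.env" must be judged as "/work/repo/.env".
    target = posixpath.normpath(posixpath.join("/", path))
    for root in policy["files"].get(mode, []):
        root = posixpath.normpath(root)
        # Directory boundary required so "/work/repo2" does not match "/work/repo".
        if target == root or target.startswith(root + "/"):
            return True
    return False

def network_allowed(policy, url):
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Exact host:port match; "api.github.com.example.net" is not a prefix hit.
    return f"{parts.hostname}:{port}" in policy["network"]

def evaluate(policy, action):
    """Default-deny dispatcher: returns (allowed, audit line) for one agent action."""
    kind = action.get("type")
    if kind == "file":
        ok = file_allowed(policy, action["mode"], action["path"])
    elif kind == "network":
        ok = network_allowed(policy, action["url"])
    elif kind == "credential":
        ok = action["name"] in policy["credentials"]
    else:
        ok = False  # unknown action types are denied, not ignored
    return ok, f"{'ALLOW' if ok else 'DENY'} {json.dumps(action, sort_keys=True)}"

SAMPLE_ACTIONS = [  # constructed sample of actions an agent might attempt on a repo
    {"type": "file", "mode": "read", "path": "/work/repo/src/app.py"},
    {"type": "file", "mode": "write", "path": "/work/repo/src/../.env"},
    {"type": "network", "url": "https://api.github.com/repos/org/repo"},
    {"type": "network", "url": "https://api.github.com.example.net/"},
    {"type": "credential", "name": "AWS_SECRET_ACCESS_KEY"},
]

if __name__ == "__main__":
    for action in SAMPLE_ACTIONS:
        print(evaluate(POLICY, action)[1])  # DENY lines are what a SOC alerts on
```

The DENY lines are the runtime policy violations the analysis says should be surfaced alongside code‑level findings; a real sandbox would also resolve symlinks rather than normalising paths lexically.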
Complementing MXC, Microsoft upgraded its Security Multi‑model Agentic Scanning Harness (MDASH), a system that orchestrates more than a hundred specialized AI agents to hunt for vulnerabilities in generated code. MDASH evaluates exploitability, prioritizes findings, and feeds results directly into Microsoft Defender, enabling security teams to remediate issues before they reach production. The preview expansion announced at Build integrates MDASH into broader enterprise security workflows, giving organizations a unified view of both code‑level flaws and runtime policy violations. Early deployments have already uncovered critical Windows remote‑code‑execution bugs, demonstrating the value of AI‑driven pre‑emptive scanning.
Recognizing that technical controls alone cannot guarantee responsible AI behavior, Microsoft also released two open‑source standards: Adaptive Spec‑driven Scoring for Evaluation and Regression Testing (ASSERT) and the Agent Control Specifications (ACS). ASSERT provides a repeatable framework for testing agents against security and operational benchmarks, while ACS defines portable governance policies that travel with agents across clouds and runtimes. By making these tools publicly available, Microsoft aims to foster an ecosystem where developers, auditors and regulators share a common language for agent compliance. The combined stack positions Microsoft as a de‑facto security platform for the next generation of autonomous development tools.