Normal view

Microsoft Build 2026: Securing code, agents, and models across the development lifecycle

2 June 2026 at 19:15

Today, developers and security teams are caught in growing tension. AI is accelerating development and introducing new issues around insecure code, opaque models, data exposure, and compliance. Add the challenges of shadow AI and tool sprawl and the result is a widening gap between innovation and control. As developers move faster, security teams struggle to keep up with visibility, governance, and oversight. The resulting friction across the development lifecycle is forcing a tradeoff between speed and safety that doesn’t need to exist. Security needs to move upstream to become part of how developers actually work: built into their day-to-day tools and connected to the tools security teams use.

At Microsoft Build 2026, we are announcing new security tools and capabilities to give developers clear guidance in real time, scale with the complexity of tasks, and provide security teams with a consistent view across the full lifecycle so innovation can move fast and securely without the business losing control. Learn more about our solutions to help secure your code, secure your agents, and secure your models.

Secure your code

Today’s headlines reflect the tension around the power of AI models and the potential threat they pose when used to find and exploit vulnerabilities. It is forcing a shift as security teams look for solutions to help them safely harness the power of these models. At the same time, developers want to use these same models to efficiently identify real, exploitable risk and remediate it within their flow of work. That’s why we developed the Microsoft Security multi-model agentic scanning harness (codename MDASH) and added native integration between Microsoft Defender and GitHub Code Security (part of the former GitHub Advanced Security suite) to help both security and developer teams identify and close gaps early.

Discover and validate exploitable vulnerabilities with codename MDASH

The new Microsoft Security multi-model agentic scanning harness (codename MDASH) is available in an expanded preview for eligible organizations and now includes integration with Microsoft Defender. This new agentic security system orchestrates a pipeline of more than 100 specialized AI agents using an ensemble of models to discover, validate, and prove exploitability across codebases written in popular programming languages.

This approach is unique in the industry. Our multi-model agentic scanning harness uses a configurable panel of models, ranging from state-of-the-art (SOTA) models as the heavy reasoners, to more cost-effective models for high-volume operations. This allows us to trade speed, recall, and cost, and minimize dependency on any specific model.

The combination of multiple models, hundreds of agents, and over 100 trillion signals a day helps identify real risk over theoretical noise, to help teams focus on what can be exploited. The strategic implication is clear: AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale, and the durable advantage lies in the agentic system around the model rather than any single model itself. MDASH recently jumped roughly 10% in less than three weeks to a new CyberGym industry benchmark score of 96.55%.

“At Accenture, we’re always looking toward the next frontier in protecting our clients and our enterprise. What Microsoft is building with MDASH reflects a meaningful shift from reactive, rule-based scanning to agentic systems that can reason across complex codebases like a skilled security researcher,” says Kris Burkhardt, Chief Information Security Officer at Accenture. Accenture is one of a select group of Security partners and Microsoft Intelligent Security Association (MISA) members that are engaged in the preview to shape MDASH and accelerate agentic AI vulnerability discovery.

Our partner engagements reflect a shared focus on moving from reactive detection to proactive identification of exploitable risk. “We’re seeing cyber threats evolve rapidly, with AI accelerating both the scale and sophistication of attacks. Microsoft’s investment in MDASH reflects a strong commitment to helping organizations stay ahead of this curve. Based on our early discussions and exposure to the innovation, we see strong potential for MDASH to simplify and strengthen SecOps, helping organizations operate with greater resilience and confidence,” says Morgan Adamski, Principal and Deputy Platform Leader of Cyber, Data, and Tech Risk at PwC US.

Together, we are partnering across the industry to use leading models paired with our platforms and expertise to deliver protection at scale. “We’re excited to work with Microsoft on MDASH because it addresses one of the most pressing challenges our customers face: reducing the time between discovering a vulnerability and taking meaningful action. Microsoft’s role as a trusted security vendor matters here—customers need innovation, but they also need confidence, governance, and a partner they can rely on. Our early experience with MDASH has been encouraging, and we see real opportunity for it to help organizations modernize how they approach vulnerability discovery and remediation,” says Jason Rader, Insight CISO.  

Reach out to your Microsoft account representative for more information on the expanded preview of codename MDASH.

Prioritize and remediate code vulnerabilities with Microsoft Defender and GitHub Code Security

While codename MDASH identifies and validates what’s truly exploitable, the integration between Microsoft Defender and GitHub Code Security (part of the former GitHub Advanced Security suite), now generally available, brings runtime context into development and security workflows so that teams can prioritize and address risks early minimizing the impact to human resources. Vulnerabilities discovered in code are automatically enriched with real production signals, such as internet exposure and data sensitivity to inform prioritization. Developers can then remediate issues using AI-assisted fixes that are generated, assigned, and validated through GitHub Copilot Autofix and the GitHub Copilot cloud agent.

To support responsible, coordinated disclosure of findings that represent both real and potential vulnerabilities, role-based access controls ensure that only authorized individuals can view and act on them. Together, the production signal enrichment, AI-assisted remediation, and secure handling of findings within a single workflow help security and developer teams focus on real risk and enable teams to act quickly.

Secure your agents

Agents are quickly becoming a new layer of the application stack. As developers build agents and move them into production, they need the tools to ship fast without sacrificing security, including built-in identity, governance, and safety testing. Security teams have overlapping needs: visibility into what’s running, control over what agents can access, and consistent governance across clouds and endpoints. Microsoft is delivering new solutions to help.

Build secure agents from day one

At Build 2026, Microsoft is introducing new capabilities to help developers build secure, enterprise-ready agents by default. With the general availability of the Agent 365 SDK, developers can integrate controls directly into their development workflows, bringing observability, access controls, and compliance enforcement into how agents are designed and deployed. This enables teams to build custom agents for any AI platform that are compliant, and enterprise-ready, and compose well with Agent 365.

Security extends beyond development and into how agents run. On Windows, the Microsoft Execution Container (MXC) SDK provides OS-level control over agent execution, giving developers and IT teams the ability to define containment and policy, applied by the OS through isolation technologies such as process and session isolation. Windows 365 for Agents, now generally available, enables you to run any agent in a fully isolated, policy-governed Cloud PC. Native Windows integration with Agent 365 provides a common foundation for observability, security, and governance, including built-in Intune capabilities to set policies that govern agent runtime execution and control how agents operate.

These new capabilities are now in early preview.

Observe, govern, and secure agents at scale with Agent 365—now including local agents

As agents proliferate across environments, gaining visibility and control over them becomes critical. Agent 365 introduces new capabilities to manage agent sprawl and risk, including an Agent 365 Agent Registry that surfaces unmanaged local agents discovered by Microsoft Defender, Microsoft Entra, and Microsoft Intune—all working together. The registry supports more than 20 types of local agents, including coding agents, AI desktop applications, and both local and remote Model Context Protocol (MCP) servers. From there, Intune policies can be used to block common execution methods for OpenClaw agents.

Security teams also need the ability to defend against emerging threats without slowing developer productivity. Microsoft Defender, Entra, and Intune work together to provide the visibility, runtime protections, and context needed to manage agent risk without slowing developer productivity. Defender enables analysts to investigate agent activity using advanced hunting and provides an exposure graph that helps teams understand how agents are connected across the network. Preview of these capabilities coming soon.

Protecting data is foundational to securing agents at scale. Microsoft Purview controls to prevent data exfiltration, Data Security Posture Management risk discovery, and agentic risk detection for coding agents Claude Code, GitHub Copilot, OpenAI Codex, and OpenClaw. This enables visibility on how local agents access sensitive data, runtime protections for risky prompts, and insights into unsafe agent behaviors. Microsoft Purview Audit also logs all agent activity for full traceability. Preview of these capabilities coming soon.

Trust agents with your data

Developers also need direct, real-time insight into data security posture and risk signals associated with the agents they build. With Purview data risk signals embedded in the Foundry Control Plane, generally available, these signals provide guidance to developers on where to enforce protections before sensitive data is exposed. For example, Purview flags in real time when an agent surfaces sensitive financial data during testing and guides developers to mask or restrict access before deployment.

To further reduce risk, Purview introduces runtime data loss prevention (DLP) for agent prompts in Foundry, in preview with Agent 365. This capability detects, blocks, and audits sensitive data before it is processed by the agent, ensuring that sensitive information never reaches AI models.

Secure your models

Before AI reaches production, teams need to verify that the models they depend on are safe. Now developers can inspect model artifacts, whether platform-native or bring-your-own, with Defender AI model scanning, in preview. To help close gaps early model Defender AI model scanning detects and blocks potentially vulnerable or compromised models across registries, workspaces, and CI/CD pipelines to verify model integrity before deployment.

Trust starts with security

There should never be a choice between innovation and safety.

The capabilities announced today span the full development lifecycle: discovering what’s exploitable, governing what’s running, protecting the data AI depends on, and verifying that agents behave as intended before they reach production. Microsoft security is embedded directly into the platforms and workflows developers already use, supporting innovation across Microsoft Foundry, Copilot Studio, GitHub, and open-source frameworks, and bringing discovery and governance to shadow AI.

But real progress in AI depends on more than breakthrough capabilities—it depends on whether organizations can trust the systems they are building and deploying. That is the common thread across the innovations announced at Build 2026 and the principle guiding our approach. Because the future of AI will belong not just to those who move fastest, but to those who can innovate with trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. To learn more about how security is built into the Windows platform, explore the Windows Security book and Windows Server Security book.

The post Microsoft Build 2026: Securing code, agents, and models across the development lifecycle appeared first on Microsoft Security Blog.

Microsoft Agent 365, now generally available, expands capabilities and integrations

Microsoft Agent 365

Now generally available for commercial customers.

Choose an ecosystem partner for agent security and governance

AI agents aren’t coming—they’re already in your environment. They show up in places you expect (like Microsoft CopilotMicrosoft Teams, and Microsoft 365) and even more places as technology evolves (a local autonomous personal AI assistant or a new software as a service (SaaS) agent connected to your sensitive data.)

The problem isn’t that agents exist. It’s that they proliferate fast, span apps, endpoints and cloud, and often operate outside the visibility and control of the teams accountable for risk. When an agent can invoke tools, access data, and interact with other agents, any “helpful” workflow can turn into data oversharing, tool misuse, or over-privileged actions in seconds. And as agents become even easier to create and deploy, your attack surface grows with them. 

That’s why end-to-end observability matters: you can’t govern what you can’t see, and you can’t secure what you don’t understand—especially when the number of agents is a moving target. 

Microsoft Agent 365 helps you take control of agent sprawl as your control plane to observe, govern, and secure agents and their interactions—including agents built with Microsoft AI and agents from our ecosystem partners—using the admin and security workflows your teams already run. 

General availability starts today for Agent 365.

Additionally, we’re announcing the previews of new Agent 365 capabilities and integrations to help you scale agent adoption with the right controls in place. 

  • Observability, governance, and security for agents operating independently—Agent 365 is expanding to cover agents that operate with their own credentials and permissions.
  • Discovery of agents and shadow AI, using capabilities of Microsoft Defender and Microsoft Intune for both local and cloud agents.
  • A secured, managed environment for agents to work in Windows 365 for Agents.
  • Coverage for a wide ecosystem of SaaS agents, including agents innovated by software development companies (SDCs).
  • Support for evaluation, adoption, and usage from Microsoft and ecosystem partners worldwide.

Manage agents with a single control plane, regardless of how or where they work

As organizations move from pilot to adoption, AI agents are being deployed across increasingly diverse use cases. Some act with delegated access, working on behalf of users; others operate with their own credentials and permissions, participating in team workflows or operating behind the scenes. 

With Agent 365, you can observe, govern, and secure AI agents whether they act on behalf of users with delegated access—for example, an agent that helps employees organize their inbox—or agents that operate with their own access and scope of work—such as an agent autonomously triaging support tickets. 

Supported by Agent 365
Agents working on behalf of
users (delegated access) 
Generally available 
Agents operating behind
the scenes (own access) 
Generally available 
Agents participating in team
workflows (own access) 
Public Preview   

Discover and manage local and cloud-hosted agents 

Users are installing agents like OpenClaw and Claude Code on their devices and adopting SaaS agents built by developers on new and emerging platforms. Many of these local and cloud-hosted agents run unmanaged and outside of traditional governance, as they autonomously execute tasks, modify code, or access confidential information, creating a new wave of shadow AI.  

To help organizations address accelerating agent sprawl and the rise of unmanaged agents, we’re introducing new capabilities as part of Agent 365, Microsoft Defender, and Intune so you can discover shadow agents, and apply appropriate controls, such as blocking unmanaged agents. 

Discover and manage local agents

With Microsoft Defender and Intune, organizations will be able to discover and manage local AI agents running on Windows devices, starting with OpenClaw agents and expanding soon to other widely used agents like GitHub Copilot CLI and Claude Code. Customers enrolled in the Frontier program can see if OpenClaw agents are being used in the organization, which devices they are running on, and use Intune policies to block common ways that OpenClaw runs on the new Shadow AI page in Agent 365 in the Microsoft 365 admin center and in the Intune admin center. Through Agent 365 registry, the inventory of local agents will be available in Defender and Intune so IT, endpoint management, and security teams can get a consistent view of discovered local agents in their environment and take appropriate action.

Microsoft 365 admin center showing Shadow AI OpenClaw agent with Intune security policies enabled to detect and block unmanaged AI agents.
In the Microsoft 365 admin center, an IT professional can apply Intune policies to continuously detect managed devices and block the common methods of running OpenClaw on them. 

Starting in June 2026, Microsoft Defender will also provide asset context mapping for each agent including the devices they run on, MCP servers configured for those agents, the identities associated with them, and the cloud resources those identities can reach. This will give security teams the context needed to assess exposure and potential blast radius. They can then investigate agent activity, such as file access and network behavior, using familiar endpoint data, and use those insights to identify misconfigurations and even define custom detections.

Microsoft Defender interface displaying a security graph map of connected AI agents and AWS resources with ChatGPT Desktop node highlighted.
Security teams can investigate local AI agent exposure in Microsoft Defender through a relationship map that shows where an agent runs, which MCP servers are configured for use, which identities are associated with it, and which cloud resources those identities can reach. Defender context such as resource criticality and sensitive-data exposure helps teams prioritize the agents and paths that matter most. 

Beyond monitoring, organizations will be able to apply policy-based controls to set guardrails for what agents are allowed to do—helping protect both agents and organizations from compromise and misuse—with initial support delivered for OpenClaw through Intune. If a managed agent exhibits malicious behavior patterns, such as attempting to access or exfiltrate sensitive data, Defender will be able to block coding agents in runtime and generate alerts with rich incident context to support investigation and response.  

Context mapping capabilities, policy-based controls, plus runtime blocking and alerts will be available in Agent 365 through Intune and Defender public preview in June 2026. 

Visibility across clouds and AI-builder platforms

As developers are rapidly building agents with Microsoft Foundry, AWS Bedrock, and Google Gemini Enterprise Agent Platform (formerly Google Vertex AI) and deploying cloud agents across multicloud and multi-platform environments, the agent sprawl challenge intensifies. To manage potential security risks or vulnerabilities before they become breaches, security and IT teams need visibility to which cloud agents are running, what models these agents are built on, and what resources they’re accessing.

Today, we are excited to announce the public preview of Agent 365 registry sync with AWS Bedrock and Google Cloud connections, enabling IT teams to automatically discover, inventory, and, soon, perform basic lifecycle governance—for example, start, stop, delete agents—across these platforms.

Microsoft 365 admin center Registry sync page showing successful Amazon Bedrock connection with four synced AI agents listed.
Now in public preview, Microsoft 365 admins can connect and sync the Agent 365 registry with Amazon Bedrock and Google Cloud for cross-platform observability and governance. 

Manage a wide ecosystem of SaaS agents 

Agent 365 works with prebuilt agents in Microsoft 365 Copilot and Teams, agents built with Microsoft Copilot Studio or Microsoft Foundry for your organization, and agents built by software development companies partnered with Microsoft.

Delivering on our promise of control plane for the broad agent ecosystem, we’re excited to announce ecosystem partner agents fully configured to be managed by Agent 365, including Genspark, Zensai, Egnyte, and Zendesk, and agents built on agent factories, including Kasisto, Kore, and n8n. Organizations can observe, govern, and secure these agents in the Agent 365 control plane, with no integration work by IT or security teams.  

Agent 365 software development company launch partners

Collection of AI and software vendor logos including Adobe, NVIDIA, Zendesk, n8n, Kore.ai, and Celonis.
Agent 365 Software Development Company Launch Partners have built agents fully enabled to be managed by Agent 365. 

Enterprises can easily build AI agents today, but scaling them with trust and governance is where most initiatives stall. With Kore.ai deeply integrated into Microsoft Agent 365, identity, security, and governance are built in from the start—empowering enterprises to move from pilots to AI at scale with confidence.

—– Raj Koneru, Chief Executive Officer of Kore.ai

The Agent 365 developer and ecosystem partners play a critical role in extending agents into line-of-business systems, building vertical and scenario-specific integrations, modernizing legacy automation into agent workflows, extending Copilot experiences with custom agents, and helping customers operationalize agent ecosystems at scale. These Agent 365 enabled agents are then observable, governable, and securable in the Agent 365 control plane, accelerating adoption for your organization.

Secure agents as they work in Windows 365 

While Agent 365 provides the control plane to observe, govern, and secure agent activity across the enterprise, Windows 365 for Agents—now available in public preview (in the United States only)—provides a secured, managed environment where agents can carry out that work. It introduces a new class of Cloud PCs purpose-built for agentic workloads and managed in Intune, allowing agents to run in policy-controlled environments, interact with applications, and operate with the same identity, security, and management controls already used for employees.

Now, with Agent 365, you can also observe and secure agents running on Windows 365 for Agents in Microsoft 365 admin center, understanding which agents are connected to the cloud-powered compute. Together, they enable organizations to move from visibility and governance of agents to confidently running them in production environments. 

Secure agents against internet threats with network controls  

AI agents can operate much faster than human users. Without proper guardrails, they can connect to risky web destinations, interact with unsanctioned AI services, handle sensitive files unsafely, or be manipulated through malicious prompt-based attacks. These risks are harder to manage when security teams lack consistent visibility and controls for agent traffic to internet, SaaS, and AI services. 

To give security teams a consistent way to inspect agent traffic at the network layer, in general availability today, Agent 365 extends Microsoft Entra network controls to Microsoft Copilot Studio agents and agents running on user endpoint devices, including local agents such as OpenClaw. These controls can help identify unsanctioned AI usage, restrict connections to only approved web destinations, filter risky file movement, and help block malicious prompt-based attacks before they lead to harmful actions. 

Confidently scale and govern AI agents while maintaining security and control 

Agent 365 extends even further beyond Microsoft platforms to discover, observe, govern, and secure local, SaaS, and cloud agents across your agentic AI ecosystem. Each of today’s announcements build upon Agent 365 capabilities we shared in March 2026 as well as detailed feedback of customers using the Frontier program, developers integrating with the platform, and partners testing Agent 365 capabilities. 

With Agent 365, we can scale and govern AI agents with confidence, while maintaining enterprise grade security and control. Agent 365 enables organizations to move beyond experimentation, driving tangible business value and innovation through trusted AI adoption. By providing a robust and integrated platform, Agent 365 empowers teams to confidently embrace AI and accelerate transformation across the enterprise.

—Yuji Shono, Head of the Global AI Office, NTT DATA Group Corporation, a global infrastructure, networking, and IT services provider.

As organizations begin to adopt Agent 365 at scale, we’ve collaborated with strategic partners to create targeted services to help customers onboard, tackle governance challenges and realize the platform’s full value.

Grid of enterprise services partner logos including Accenture, KPMG, Cognizant, Capgemini, Avanade, Deloitte, EY, PwC, and TCS.
Featured Agent 365 launch partners, including Accenture, Bechtle, Capgemini, Insight, KPMG, Protiviti and Slalom, collaborated with Microsoft engineering teams to develop services for planning, adopting, and managing your agent control plane implementation.

Partner services offered today include expertise and guidance for: 

  • Inventory and ownership: What agents exist, who owns them, and where they run.
  • Least privilege: Right-sizing permissions and enforcing access guardrails without slowing delivery.
  • Compliance and data protection: Preventing oversharing and producing audit-ready evidence.
  • Threats and multi-platform estates: Understanding attack paths and governing across vendors and clouds.
  • Ongoing operations: Lifecycle management, monitoring, and continuous governance hygiene. 

These valuable services are typically scoped as workshops and assessments (diagnose and roadmap), governance and enablement (stand up the control plane and guardrails), managed services (run and improve continuously), advisory and readiness (operating model and adoption readiness), and security and integration (harden posture and integrate third-party agents.)

How to get started with Agent 365  

Agent 365 is now available in Microsoft 365 E7 or standalone at USD15 per user per month. Each Agent 365 license covers an individual who manages or sponsors agents, or uses agents to do work on their behalf, ensuring all agent activity is consistently governed across the organization in a way that’s predictable for scaled growth.  

In addition to the expertise of your Microsoft 365 team and partners, Agent 365 resources to support your experience include:

Plus, on Tuesday, May 12, 2026, a team of Agent 365 experts are hosting a live “Ask Microsoft Anything” to answer your questions about Agent 365—we hope you’ll join for the discussion.

Microsoft Agent 365

Now generally available for commercial customers.

Choose an ecosystem partner for agent security and governance

The post Microsoft Agent 365, now generally available, expands capabilities and integrations appeared first on Microsoft Security Blog.

❌