Software developers are some of the most ambitious makers we serve. They push devices harder, ask more of their tools and expect their environment to help define the pace of modern software creation. Development today means longer running jobs, larger models and a growing need to prototype and iterate locally rather than paying for every cloud call. That is why we embarked on a project to build two new Surface devices designed specifically for the needs of these makers. Earlier this week, we introduced Surface Laptop Ultra, a high-performance laptop built for developers, creators and technical professionals who need serious performance wherever they work. Today at Microsoft Build, we are introducing Surface RTX Spark Dev Box, a compact developer PC engineered with NVIDIA RTX Spark superchip and built on the Windows developer platform, designed for local-first AI development. Surface RTX Spark Dev Box is for developers who want to prototype, fine-tune and run capable models on their desk, and reach for the cloud when the work calls for it. Together, Surface Laptop Ultra and Surface RTX Spark Dev Box represent the next step for Surface: purpose-built devices for the people building what’s next. https://www.youtube.com/watch?v=VlAI1_JkXL4

A new category of Surface, built for developers

The way developers build software is fundamentally changing. AI models are growing in capability and complexity, agentic workflows demand sustained compute, and every iteration can incur cloud costs, even when the work doesn’t require state-of-the-art models. Surface RTX Spark Dev Box changes that equation. It’s a purpose-built Windows AI developer box that puts up to 1 petaflop of AI compute directly on the desk. By bringing powerful AI compute to the edge, developers can reserve frontier model calls for truly frontier problems and handle the rest on their own hardware. The result is a development workflow that can be more efficient and responsive, with developers in control of where their compute dollars go.

Sustained AI performance in a compact form factor

At the heart of this new developer machine is the NVIDIA RTX Spark superchip, combining a powerful NVIDIA Blackwell RTX GPU and an ultra-efficient NVIDIA Grace CPU to deliver up to 1 petaflop of AI compute with 128 GB of unified memory. That’s enough compute power to run 120B+ parameter models with 1 million token context locally at interactive speeds or fine-tune models that previously required cloud GPU instancesⁱ. With an aluminum chassis engineered to double as a heatsink, Surface RTX Spark Dev Box is designed for the workloads that matter most to developers: long-running training jobs, large model inference and complex agentic pipelines that benefit from consistent, sustained performance.

Built for the tools and workflows developers already use, out of the box

Surface RTX Spark Dev Box ships with Windows 11 Pro pre-configured for developers at the image level. This brings a purposeful set of defaults, preinstalled tools and tuned settings so the development environment is the default from first sign-in. The setup keeps developers in their workflow: dark theme, taskbar simplified for development, Widgets removed, Do Not Disturb on. Developer Mode is enabled. PowerShell 7 is the default shell. Under the hood, WSL 2 is configured with GPU passthrough and CUDA support. VS Code, GitHub Copilot, Git, Python and Node.js are installed. Your favorite IDEs, agents, coding assistants, frameworks and libraries all work on Surface RTX Spark Dev Box, whether you prefer the Windows side or WSL. Surface RTX Spark Dev Box is also a world class entry point to the rest of the Microsoft AI stack. AI Toolkit for VS Code brings model conversion, fine-tuning and evaluation into the editor developers already use. Windows ML with TensorRT, and Windows Copilot Runtime give you a consistent local inference surface. Microsoft Foundry connects local prototyping to production deployment, so the model you tune locally ships through the same tools and identity you use every day. GitHub Copilot scales from CLI to enterprise on the same machine. That is what we mean by best Microsoft experience for developers: the local box, the OS, the developer tools and the cloud platform working as one stack.

Secure by design

For developers working with sensitive models, proprietary data and valuable IP, security isn’t optional. It’s foundational. The powerful GPU and unified memory mean more of your models and IP can stay local and lets developers keep more of their models and data local. Surface RTX Spark Dev Box is built on chip-to-cloud security aligned with Microsoft’s Zero Trust principles:

• Secured-core PC architecture
• BitLocker encryption
• Microsoft Defender protection

For organizations, Surface RTX Spark Dev Box integrates with Entra ID and Intune for management and governance at scale. With Surface Laptop Ultra and Surface RTX Spark Dev Box, we’re expanding the Surface line with two products built specifically for makers. Surface Laptop Ultra is built for high-performance work that moves with you, from compiling and debugging to creative production and AI experimentation, while Surface RTX Spark Dev Box is built for the local compute developers need when models, agents and long-running workloads belong on the desk. Different form factors, same direction: giving developers the best option and more choice in where and how they build. Surface RTX Spark Dev Box will be available later this year in the U.S. exclusively on Microsoft.com. Learn more at microsoft.com/devboxⁱⁱ. i Source: NVIDIA. Based on 1 Theoretical FP4 TOPS using the sparsity feature.  ii Microsoft Surface RTX Spark Dev Box and Surface Laptop Ultra are pre-release products. Products and features are subject to regulatory certification/approval; actual sale and delivery is contingent on compliance with applicable requirements.  

Making Windows the trustworthy OS for agents

AI agents are no longer just answering questions, they are taking actions across systems with increasing autonomy. As they become persistent participants in how software runs, they introduce new risk to control and trust, challenging the security assumptions that have defined computing for decades. Developers are building agents that read files, invoke services, modify environments and chain operations together at increasing speed. That capability is powerful, but it raises a critical question: how do you ensure these systems remain trustworthy when they operate autonomously, at scale, on real data? This shift changes what developers, IT and security teams need from the platform. Security for agents must be built into the foundation by design so they can be developed, deployed and governed with confidence. When that foundation is in place, organizations can scale agent adoption while maintaining control and trust. Containment, identity and manageability are built as foundational primitives in Windows, extending security beyond the app and model into the OS. We’ve previously shared the principles guiding how we secure agent workflows on Windows. Then in May we announced how Microsoft Agent 365 was expanding its capabilities, including the ability to discover and manage local agents on Windows, starting with OpenClaw agents and expanding soon to other widely used agents like GitHub Copilot CLI and Claude Code.  We also announced that "beyond monitoring, organizations will be able to apply policy-based controls to set guardrails for what agents are allowed to do."  At Build 2026 we are sharing an update on how Agent 365 and Windows are working together to provide those capabilities with the introduction of Microsoft Execution Containers (MXC) SDK. For developers, Windows will provide the building blocks needed to implement agents that are more secure on both consumer and enterprise systems. For IT teams looking to balance deploying agents at scale while managing risks, Agent 365 and Windows provide the observability, governance and security capabilities that are critically needed.

Policy-based controls

Containment bounds what agents can access and do, so non-deterministic behavior doesn’t translate into uncontrollable risk. Unlike traditional applications, agent behavior is dynamic and often generated at runtime. The agent often uses models to generate complex code for each prompt that can read, act and chain multiple operations. Containment ensures agents can do useful work without being granted the full authority of the user’s session.

The Microsoft Execution Containers (MXC) SDK

To contain agent impact without limiting productivity gains, we’re introducing an early preview of the Microsoft Execution Containers (MXC) SDK, a cross-platform, policy-driven execution layer for agents on Windows and WSL. Developers define what to constrain in their apps and agents, and Windows enforces those constraints consistently at runtime through MXC. MXC provides an abstraction layer across isolation primitives, so developers do not have to manage low-level isolation details.

The composable sandbox and containment spectrum

The composable sandbox is how Windows applies isolation and containment in practice, with MXC as the control surface for developers. The same policy model and SDK can map to different isolation constructs depending on the workload and containment requirements. A coding agent and an enterprise data-processing agent may not need the same guardrails, but they do need one coherent trust story. The composable sandbox delivers the flexibility and control that developers and IT need. Agent 365's policy-based controls with Microsoft Entra and Intune will be used to apply those MXC constraints to a specific agent. Windows supports a range of containment options so that guardrails can match the nature and risk of the workload. Additional functionality and security enhancements will be added to subsequent releases. The following will be released in early preview shortly after Build to meet the needs of the agent ecosystem:

Process isolation

Windows is simplifying how developers enable process isolation for agents. Process isolation provides fast, lightweight containment within the user’s environment for scenarios like running model-generated code within a dedicated process boundary that restricts access to files and network domains outside defined policy. It is ideal for use cases like coding agents where the developer inner loop must stay responsive. GitHub Copilot CLI has adopted MXC process isolation to constrain what dynamically generated and executed code can do. We are excited to share the results of this deep partnership between Windows and GitHub with our shared customers.

Session isolation

Workloads that span across large numbers of long running processes or ones that need their own resources like a desktop to run automation may find process isolation overly limiting. Sessions in Windows separate the agent’s execution from the human user’s environment, such as the interactive desktop, clipboard, UI, input devices and active sessions. This mitigates UI spoofing, input injection and cross-session data leakage, and is suited for sustained workflows that run alongside the user’s own work. Sessions in Windows run with distinct user accounts, which enables isolation. Windows assigns a local ID or a cloud provisioned identity backed by Entra and attributes all activity from the container to that identity, so you can clearly differentiate human from agent. MXC session isolation paired with unique local ID on Windows enables precise control, least-privilege access and full auditability. Access policies can be applied to Windows session isolation so agents run independently with controlled local access and full lifecycle governance managed through Microsoft Entra and Intune in the cloud. Teams can use Intune policies to require MXC isolation with guardrails such as filesystem rules. Our initial release will support non-interactive sessions with additional capabilities targeted for future releases. As agents evolve, we are continuing to expand MXC containment capabilities and invite developers and the broader ecosystem to share feedback, including through engagement with the project on GitHub. Some other MXC containment capabilities currently on our roadmap are:

Micro-VM

Research at the cutting edge of agent security shows how LLMs are developing capabilities around escaping sandboxes. Is there a way to provide the desirable properties of process isolation like low overhead with a stronger isolation boundary? Micro-VMs that use hardware-backed isolation via the hypervisor with lightweight images can be well suited for higher-risk workloads. The micro-VM construct raises the bar against sandbox escapes by using a hypervisor while facilitating higher density than is possible with full VMs. They are desirable for agents processing sensitive data or running untrusted external code.

Linux containers

Will bring the containment model to Linux-first agent toolchains via WSL. This enables compatibility with Linux ML frameworks and package ecosystems with OS-enforced boundaries.

MXC integration for cloud VM Windows 365 for Agents

Windows 365 for Agents, now generally available, extends containment beyond the local device. The agent runs in an Intune-managed Cloud PC, fully separate from the user’s machine. If compromised, impact is contained to a disposable cloud instance. Suited for enterprise-managed agent fleets with centrally provisioned policy and compliance. To learn more, check out our Windows 365 blog. With the future addition of MXC integration, Windows 365 for Agents will scale from lightweight local isolation to stronger hardware-backed boundaries - through a single SDK and policy model. With the combination of these new Windows capabilities and Agent 365, Microsoft is continuing to expand its full stack offering to help enterprises to observe, govern, and secure their agents.

Innovating with partners in the ecosystem

We are partnering with leading innovators in the industry like Hermes, Manus, NVIDIA, OpenAI and OpenClaw, to ensure the containment we are building supports real developer needs. OpenClaw now runs the node and gateway securely on Windows leveraging MXC. You can use the new Windows companion app to easily set up your own claws or connect to existing ones. NVIDIA brings OpenShell to Windows, built on MXC. Integrating MXC via OpenShell provides developers with an easy-to-deploy package for autonomous, always-on agents safely. Hermes Agent will be integrating OpenShell and MXC in their new Windows application. "Continuously running local agents, like Hermes Agent, require intentional isolation. Developers need control over what an agent can access and trust that those controls will hold,” said Dillon Rolnick, CEO of Nous Research. “Microsoft Execution Containers (MXC), integrated with OpenShell, provides a policy-driven foundation for private, on-device agents on Windows.” "Working with Microsoft on the Microsoft Execution Containers (MXC) allows us to explore new patterns for AI agents to safely and efficiently generate and execute code. By combining Codex's capabilities with MXC's execution environment, we aim to help developers move from intent to reliable execution faster, while maintaining the security and control enterprises need," said David Wiesen, Member of Technical Staff, OpenAI “Manus is built to help users move from intent to completed work across tools, files, code and workflows,” said Tao Zhang. Chief Product Officer. “With Microsoft Execution Containers (MXC), Windows gives developers a policy-driven way to define what an agent can access and enforce those boundaries at runtime, so more autonomous agents can operate safely in enterprise environments.”

Built on a secure foundation by design

This agentic security model runs on a Windows platform designed to reduce risk by default. Decades of investment in Windows provide the foundation for everything running on top of it including agentic security capabilities. Under the Secure Future Initiative, continuously strengthening this foundation remains a company-wide priority. Windows reduces the attack surface and raises the security baseline by default – so agents inherit that protection without additional work. It shows up in capabilities like passwordless sign-in with passkeys, Hotpatch updates without restarts, production drivers written in Rust to reduce memory-safety vulnerabilities and post-quantum cryptography in Insider builds. Secure Boot enforces a hardware root of trust on every startup. Defender provides real‑time protection against prompt injection and other emerging agent threats. It uses advanced scanning engines and continuously updated intelligence to detect and respond to attacks. These protections are available to all Windows customers - including consumers using Windows Defender as their primary antivirus. Enterprise manageability has been a longstanding platform capability that IT and security teams depend on Windows to provide. Agent 365 now provides native integration of observability, governance and security capabilities for agents running on Windows OS environments, like MXC and Windows 365 for agents, so agents running on Windows can start secure and stay secure. Windows will continue to raise the bar for platform security with capabilities like our recently announced Baseline Security Mode. Together, these investments help provide the secure foundation on which trustworthy agentic computing is built.

Start building secure agents today

The value of an agent is not just what it can do, but whether it can be trusted in production. Windows enables agents that are secure, governable and ready for real-world deployment. Many of these capabilities are available today in Windows Insider builds, with more coming through our developer preview program. Windows continues to evolve so developers and organizations can move fast on AI while maintaining trust and security. We are excited to see what you build. To get started:

• Explore the Microsoft Execution Containers SDK.
• Try process and session isolation in Windows Insider builds when available shortly after Build.

Build is one of our favorite moments each year - a chance to connect with the global developer community and share what we’ve been building. Over the past year, we have connected with many developers pushing the boundaries of what’s possible on Windows. What we consistently hear is that you want a platform that meets you where you are, removes friction and gives you the flexibility to choose how and where you build across local and cloud, across platforms, languages and frameworks. That feedback has shaped everything we are announcing today. The foundation of great development starts with strong fundamentals, coupled with a great developer experience. We are continuing to raise the bar on Windows 11 quality and deeply focused on making Windows more secure, more reliable across the shell - from Explorer to Start to Search – with a simple goal to reduce cognitive load. Whether you are building modern applications or experimenting with agent-driven workflows, we are committed to making Windows more adaptable, capable and aligned with how development actually happens today. And as AI continues to reshape how software is built, we are investing deeply in enabling you to run your AI workloads securely where it makes the most sense on-device, in the cloud or across both without trade-offs. Our goal is simply to give you a platform that accelerates your ideas.

What’s new for Windows platform at Build?

• Developer-optimized Windows 11 experience to build and ship faster.
  • Coreutils for Windows - a set of Linux-like command line utilities that run natively on Windows, now generally available.
  • WSL containers - a built-in way to create, run and interact with Linux containers using familiar CLI & API, coming soon to public preview.
  • Windows Development Skills - gives agents structured knowledge to build great native Windows apps end-to-end using WinUI3 skills and WinApp CLI, now generally available.
  • Intelligent Terminal – intentionally brings context-aware intelligence to your favorite agents directly into a terminal based experience to help debug errors, run multi-step tasks so you can stay in your flow, available in experimental preview.
  • Windows Developer Configurations - powered by WinGet, sets up a distraction-free dev environment with VS Code, GitHub Copilot, WSL, PowerShell 7 and developer-optimized settings with one command on any Windows 11 device, now generally available.
  • Windows 365 with Developer configuration – Windows 365 comes pre-configured with the same Windows developer configuration, available in public preview.
• Secure Windows platform to build and run agents with OS-enforced agent identity, containment and enterprise-grade manageability.
  • Introducing Microsoft Execution Containers (MXC) SDK– A policy-driven execution layer that lets developers declare what an agent can access (e.g., files, network) with containment boundaries enforced at runtime. MXC offers a spectrum of isolation semantics that are dynamically composable based on intent and risk, available in early preview.
  • Agent 365 native integration with MXC enables agents running on Windows to start secure and stay secure. Integration will deliver Defender, Entra, Intune and Purview protections so security and IT teams can constrain and secure local agents to prevent enterprise risk, available in preview in July.
  • OpenClaw runs natively on Windows leveraging MXC - The Windows node and gateway run contained, so your system stays secure. You can easily install and use OpenClaw in Windows with its own companion app and set up your own claws or connect to existing ones, available in open-source. We are invested in continuing to make OpenClaw run securely on Windows.
  • NVIDIA is bringing OpenShell to Windows built on MXC - Integrating MXC via OpenShell provides developers with an easy-to-deploy package for autonomous, always-on agents safely.
  • Windows 365 for Agents - provides computer-using agents with secure, managed Cloud PCs to execute enterprise workflows, now generally available.
• Unmetered intelligence on Windows powered by on-device AI
  • Introducing new on-device SLMs - Aion 1.0 Instruct, a smaller, faster and smarter on-device SLM, and Aion 1.0 Plan, a reasoning and tool-calling model that enables fully local agentic capabilities, available in the coming months.
  • Expanding Windows AI APIs to more Windows 11 PCs across CPU and GPU Speech-to-text recognition API available on NPUs and CPUs. On-device SLM expands to capable dGPUs enabling text-intelligence capabilities locally and Video Super Resolution available on CPUs so developers can deliver richer experiences without a cloud round trip.
• Introducing Surface RTX Spark Dev Box – purpose-built for developers powered by NVIDIA RTX Spark silicon, delivering up to 1 petaflop of AI compute paired with 128 GB of unified memory shared across the CPU and GPU. Comes with all of the above developer optimized Windows 11 experience so developers can build, test and run AI and agent workloads locally without setup friction or unpredictable cloud costs.
• Introducing DGX Station for Windows — the world’s most powerful deskside AI supercomputer for developing and running agents on Windows — powered by the NVIDIA GB300 Grace Blackwell Ultra Superchip. It is purpose-built to develop and run up to 1 trillion-parameter frontier AI models locally, as well as connect always-on, frontier AI agents to enterprise applications and workflows, coming in Q4 this year.
• New capabilities in Microsoft Store – We are committed to making Microsoft Store a trusted platform for app distribution, delivering free and faster company onboarding with Entra ID support, accelerated app certification times, and new near real-time analytics and subscription insights for developers.

Introducing Project Solara

We're introducing Project Solara, a new platform built from the ground up to power agent-driven experiences, including two new concept devices that reimagine how this comes to life. With agents becoming a both a new unit of programming and an emerging new unit of human-to-machine interaction, the mission of Project Solara is to pioneer agent-first experiences that are shaped around you: your agents, your tasks, your environment, under your control.

Developer-optimized Windows 11 experience to build and ship faster

We have optimized the Windows 11 experience for developers, bringing frequently used command line utilities, a familiar comfort shell, faster setup experience, a built-in way to create and interact with Linux containers on Windows and a new experimental Intelligent Terminal.

Announcing general availability of Coreutils for Windows

Developers constantly move between platforms, but familiar commands don't work consistently, forcing workarounds, lost speed and context switching. To address this, we've built Coreutils for Windows from the uutils open-source project, a cross-platform reimplementation of GNU Coreutils in Rust. These are Linux-like command-line utilities that run natively on Windows. Whether you're moving between Linux, macOS, WSL, containers or cloud environments, the commands and workflows you've built over years just work in your Windows environment. Explore and get started with Coreutils for Windows. https://www.youtube.com/watch?v=_bcFOTI35gI

Announcing WSL containers, coming soon to public preview

Containers and Linux are core to modern development workflows. Windows Subsystem for Linux (WSL) has become foundational for running Linux workloads on Windows. Last year at Build 2025, we open-sourced WSL, and community contributions have grown to over 200 PRs per month. We're building on this momentum by integrating WSL more deeply into Windows with WSL containers. Modern container workflows on Windows often depend on third‑party tooling, adding setup overhead, licensing cost and limited enterprise control. IT teams also lack consistent visibility into what’s running and how containers interact with the underlying host. WSL containers provide a built-in way to create, run and interact with Linux containers on Windows. Whether you are working on local development, AI/ML workflows or containerized testing, Linux containers run out of the box. To enable you to build WSL containers, we are offering WSL containers CLI & API.

• WSL containers CLI: Use the new exe binary to directly build, run and deploy Linux containers on Windows, out of the box.
• WSL containers API: Access functions to run Linux containers programmatically in your native Windows apps - unlocking scenarios like running local AI workloads, testing pipelines, and Linux based processing.

For enterprises, WSL containers provide policy‑based enablement and management using familiar Windows controls. IT admins gain visibility into what Linux containers are running on developer machines, can control where images are sourced from, and can govern how containers interact with the host. WSL containers will be available in public preview in the coming months as a regular update to WSL. Since WSL is open source, you can view the team’s progress at our WSL GitHub. https://www.youtube.com/watch?v=c78ZMB7SgHM

Announcing general availability of Windows Developer Configurations

We understand that getting to a code-ready state quickly matters, regardless of your development workflow. Windows Developer Configurations enables you to go from a fresh machine to a ready-to-code environment in minutes. It includes:

• dev-config.winget - a WinGet configuration file, to get an optimized, distraction free development environment with the right versions of essential developer tools installed – WSL, PowerShell 7, Git, GitHub CLI, Visual Studio Code, Python and more. It also applies developer-optimized settings — like Git version control in File Explorer, file extensions visible and hidden files shown. It’s fully customizable, so you can adapt it to your needs and add your favorite third‑party tools.
• Workload-specific scripts for container, cloud and infrastructure development - make it easy to install the exact tools, libraries and dependencies you need for your specific use case.
• WSL comfort setup scripts - enable you to bring your preferred tools and workflows to Windows - like homebrew, zsh, starship, and more.

Get started or tailor it to your needs by exploring Windows Developer Configurations. https://www.youtube.com/watch?v=YaR-JpaWFqw

Announcing Intelligent Terminal, available as experimental version

Developers spend a significant part of their workflow in the terminal, but today that experience lacks integration with agentic tools and context they rely on. They must leave the terminal to look up fixes, and copy suggestions from multiple sources, which leads to increased context switching. To address this, Intelligent Terminal provides context to your favorite agents via ACP (Agent Communication Protocol) so you can stay in the terminal and query, debug or complete any task on hand. It is based on the existing Windows Terminal experience, so you get everything it offers (tabs, profiles, themes, settings, shells) plus native agent CLI integration in the agent pane. If no agent is installed, GitHub Copilot is available for you to get started. In a typical scenario, when a command fails, Intelligent Terminal automatically surfaces the context and suggests fixes you can run immediately in the dedicated agent pane. Instead of debugging step-by-step across multiple tools, you can resolve issues, iterate and move forward quickly while staying in your flow. To learn more, check out the Intelligent Terminal blog. https://www.youtube.com/watch?v=o1DmM6_z4zk

Announcing general availability of Windows Development Skills

We are introducing Windows Development Skills to enable agents to directly leverage structured knowledge to execute across the full lifecycle of building a native Windows app using WinUI3 skills and winapp CLI. By powering agents with Windows specific application development knowledge, these skills help achieve token efficiency. To add Windows Development Skills to your favorite agents visit https://aka.ms/winui-skills. https://www.youtube.com/watch?v=7OK30hI5h-I

Announcing Windows 365 with Developer configuration, available in public preview

Alongside local development, enterprises often increasingly need a cloud-based option to standardize development environments across teams, scale on demand and to be ready to code from any device - without managing local infrastructure or setup. To address these needs, we are bringing new developer capabilities to Windows 365, a cloud-based service that securely streams a full Windows desktop experience to any device. Windows 365 with Developer configuration offers ready‑to‑code environments in the cloud. This image provides a consistent, preconfigured Windows 11 development experience from first sign‑in, with commonly used tools such as Visual Studio Code, Git, GitHub CLI and WSL already set up.  The environment can also be extended with additional SDKs, CLIs, packages and build tools based on project requirements, while remaining aligned with organization policies and controls. With flexible performance configurations and seamless access from any device, Windows 365 helps streamline development workflows, whether working on-site or remotely, across Windows and Linux (via WSL) environments, running AI models or moving between local and cloud setups. To learn more, check out the Windows 365 blog. All these improvements share a common goal: giving developers an environment they can rely on, one that stays out of the way and keeps them in the flow. And as AI becomes integral to how software is built and shipped, the platform must evolve too. That's why we're taking the next step: making Windows the best place to build and run agents.

Windows is the secure platform to build and run agents with OS-enforced containment, agent identity and enterprise-grade manageability

As agents become more capable and autonomous, they're delivering material productivity gains. But they're also introducing new risk, and the issue isn't just the agent. It's the entire system the agent operates across. Every interaction — between agents and humans, tools, apps, models and even other agents — exposes new attack surface and introduces different failure modes. This is a multi-layer systems problem. That's why we've built containment, identity and manageability as foundational primitives in the operating system — making Windows the most trusted platform to build and run agents.

Microsoft Execution Containers (MXC) — now available in early preview

It's critical to contain agent impact without limiting productivity gains. That’s why we are introducing Microsoft Execution Containers (MXC), a cross-platform, policy-driven execution layer for agents across Windows and WSL. Developers declare what an agent can access, like files and networking related policies configured in Intune, and MXC enforces those boundaries at runtime. Windows delivers a composable sandbox spectrum through MXC — a single SDK and policy model that maps to the right isolation construct for any agent workload.

• Fast process isolation (adopted by GitHub Copilot CLI) and session isolation separates the agent's execution from the user's desktop, clipboard, UI and input devices, and critically, binds the agent to a strong user identity — mitigating UI spoofing, input injection and cross-session data leakage. Process isolation and session isolation will be available to Windows Insiders shortly after Build.
• Windows 365 for Agents, now generally available, extends containment beyond the local device and agents run in an Intune-managed Cloud PC, fully separate from the user's machine.
• Micro-VMs, Linux containers and MXC integration for Windows 365 for Agents are currently on our roadmap as additional MXC containment capabilities.
• Agent 365 layers Entra and Intune policy on top so IT can govern containment centrally while developers choose the guardrail weight their workload demands.

OS-enforced Agent Identity and enterprise manageability on Windows

Beyond containment, every agent activity must be attributable and governed. Windows assigns agents a local ID or a cloud provisioned identity backed by Entra and attributes all activity from the container to that identity, so you can clearly differentiate human from agent. Native Windows integration with Agent 365 provides a common foundation for observability, security and governance, including native Intune integration to set policies that gate the agent runtime execution and control how agents run. Defender, Entra, Intune and Purview will provide runtime protections for evolving threats across access, sensitive data, malicious prompts and risky behavior so security and IT teams can prevent enterprise risk. Get started at: Microsoft Execution Containers. Learn more at: Windows Platform Security for AI Agents and aka.ms/BUILD_SecurityBlog.

Innovating with partners in the ecosystem

We are partnering with leading innovators in the industry like Hermes, Manus, NVIDIA, OpenAI and OpenClaw, to ensure the containment we are building supports real developer needs. OpenClaw now runs the node and gateway securely on Windows leveraging MXC. You can use the new Windows companion app to easily set up your own claws or connect to existing ones. NVIDIA brings OpenShell to Windows, built on MXC. Integrating MXC via OpenShell provides developers with an easy-to-deploy package for autonomous, always-on agents safely. Hermes Agent will be integrating OpenShell and MXC in their new Windows application. "Continuously-running local agents, like Hermes Agent, require intentional isolation. Developers need control over what an agent can access and trust that those controls will hold,” said Dillon Rolnick, CEO of Nous Research. “Microsoft Execution Containers (MXC), integrated with OpenShell, provides a policy-driven foundation for private, on-device agents on Windows.” "Working with Microsoft on the Microsoft Execution Containers (MXC) allows us to explore new patterns for AI agents to safely and efficiently generate and execute code. By combining Codex's capabilities with MXC's execution environment, we aim to help developers move from intent to reliable execution faster, while maintaining the security and control enterprises need." said David Wiesen, Member of Technical Staff, OpenAI. “Manus is built to help users move from intent to completed work across tools, files, code and workflows,” said Tao Zhang, Chief Product Officer.  “With Microsoft Execution Containers (MXC), Windows gives developers a policy-driven way to define what an agent can access and enforce those boundaries at runtime, so more autonomous agents can operate safely in enterprise environments.” Get started here: OpenClaw Windows Node.

Announcing Windows 365 for Agents generally available within Agent 365

Windows 365 for Agents provides Cloud PCs that enable AI agents to execute multi-step workflows across software, including opening apps, navigating interfaces, entering inputs and processing data. Today, we are making Windows 365 for Agents generally available within Agent 365, enabling Agent builders to build computer-using agents for a variety of enterprise use cases. To learn more, check out Windows 365 for Agents documentation | Microsoft Learn.

Unmetered intelligence delivered on Windows

We're entering a new era of software development. As AI models grow more powerful, agentic workflows demand continuous compute, escalating cloud costs. By shifting some of that intelligence to the edge, we are transforming the developer experience: frontier models tackle frontier problems, while everything else runs locally at scale. A new generation of on-device small language models (SLMs) on Windows is making this easier. Windows ML is the platform that unlocks unmetered intelligence on Windows, enabling developers to build, optimize and deploy AI at scale, across all silicon. Today we are bringing new capabilities to accelerate your local AI development.

A new generation of on-device models - Aion 1.0 Instruct and Aion 1.0 Plan in preview

We are introducing a new generation of models purpose-built for local execution, each designed for a specific tier of device capability. Together, they represent a clear progression: from efficiency at scale to local agentic reasoning, all running without cloud dependency or per-token cost.

• Aion 1.0 Instruct: efficiency at scale. Aion 1.0 Instruct is our next-generation small language model, smaller, faster and more efficient than our current Windows OS SLM. Designed from the ground up for on-device workloads, Aion 1.0 Instruct powers everyday text intelligence (summarization, rewrite, intents, accessibility) and extends beyond Windows APIs with integration into the Edge browser and availability as open weights. Developers can start experimenting with Aion 1.0 Instruct in preview today in Edge Insider channels and as an open source model in July on Hugging Face.

https://www.youtube.com/watch?v=zkHWGFYNlLI

• Aion 1.0 Plan: local agentic reasoning. Aion 1.0 Plan is a 14-billion parameter reasoning and tool-calling model with 32K context length that ships in-box as part of Windows on capable devices. It enables applications to reason over user intent, invoke tools, manage files and orchestrate sub-agents, bringing fully agentic workflows onto the device.

Announcing new Speech Recognition API

Last year at Build, we introduced Windows AI APIs powered by local on-device models. Today we are adding Speech Recognition API to this list. Speech Recognition API enables real-time or batch, on-device speech-to-text from live audio. Developers can enable their apps to produce transcripts from recordings or embed captions anywhere audio plays, using microphone, streamed or audio file inputs, with hardware-accelerated execution where available. By running locally, transcriptions can still be generated without network connectivity, saving on cloud costs. This unlocks new possibilities for modern text entry, audio-video applications, dictation-enabled workflows and accessibility tools that need reliable, low-latency transcription regardless of connectivity. The Speech Recognition API will enter public preview. The API will initially be limited to English-language speech recognition and will expand as it gradually roll outs across global markets. Learn more about the new Speech Recognition API when it becomes available this week at: aka.ms/speech-recognition-api.

Announcing Expansion of Windows AI APIs across GPUs and CPUs, now available

Windows AI APIs offer the fastest and easiest path for developers to integrate local AI into their apps using ready-to-use APIs powered by on-device models specializing in specific tasks. We are thrilled to share that Windows AI APIs are expanding beyond NPUs to CPUs and GPUs, bringing local AI experiences to a much broader set of Windows 11 devices. In addition to existing NPU support, our existing Windows inbox SLM is available on capable GPUs and Video super resolution and Speech Recognition on CPUs, all in public preview. https://www.youtube.com/watch?v=1mSUNPLDZNE https://www.youtube.com/watch?v=zWsBdlZsy_w This expansion gives developers a broader audience for their AI-powered applications with OS-optimized performance. Learn more about Windows API support and minimum hardware requirements here: aka.ms/WinAI/APIs The Windows inbox models that power the AI APIs are not automatically downloaded to every device. They are only acquired when an application on the device requests them, keeping storage and bandwidth impact minimal for users who do not need them. Many app developers are leveraging Microsoft Foundry on Windows to enable local AI in their applications. https://www.youtube.com/watch?v=she5m9OTT7Q With Microsoft Foundry on Windows, local AI is no longer a compromise - it is a platform for breakthrough developer experiences. From efficient small models to agentic reasoning to frontier coding, this is unmetered intelligence on Windows.

Windows on next-generation hardware purpose-built for developers

We are bringing purpose-built developer devices which are the best expression of the full suite of advancements and new capabilities we are introducing today from developer optimized experience, secure platform to build and run agents to our local AI platform. With the increase in capability of agentic and coding models that run locally on this class of device, we can take the next step for hybrid compute – bringing the best of cloud and client together. In GitHub Copilot CLI we will enable developers to configure selective task delegation to subagents powered by a local model. Using /fleet, the primary agent running in the cloud builds a plan, assesses the complexity of each task, and routes appropriate ones locally based on the models’ size and capability. This approach harnesses available local compute to reduce cost without compromising on quality. With Windows 11 PCs powered by capable silicon from AMD, Intel, NVIDIA and Qualcomm including workstation-class machines powered by AMD Ryzen™ AI MAX+ 395, new NVIDIA RTX Spark, and data-center-class systems like NVIDIA DGX Station for Windows, developers now have access to unmetered, tiered AI capabilities tailored to specific needs, from everyday development to frontier-class tasks.

Announcing Surface RTX Spark Dev Box available later this year

Surface RTX Spark Dev Box delivers GPU-first AI performance with the new NVIDIA RTX Spark silicon, providing 1 petaflop of AI compute[i] and 128GB of unified memory shared dynamically across CPU and GPU in a single memory address space. This hardware foundation is designed for model optimization, fine-tuning and large inference workloads. By making these workloads practical to run locally, it reduces reliance on cloud only workflows, helping avoid recurring token costs and usage spikes while keeping iteration fast and predictable. Surface RTX Spark Dev Box ships with developer optimized Windows 11 experience - preconfigured with all your essential developer tools - Visual Studio Code, GitHub Copilot available inline in Windows Terminal, WSL, PowerShell 7 and Windows settings tuned for development - so you spend less time configuring your machine and more time building from the moment you sign in. To learn more, check out the Devices blog. Surface RTX Spark Dev Box will be available later this year in the U.S. exclusively on Microsoft.com. Learn more at microsoft.com/devbox [ii]. https://www.youtube.com/watch?v=vzD4OvMIECM

Introducing DGX Station for Windows, available later this year

For decades, we have partnered with NVIDIA to bring the most powerful computing experiences to the world. DGX Station for Windows is the next step in a multi‑year journey to bring the full power of Windows and unlock breakthrough AI performance on the Windows platform. Building on the NVIDIA DGX Station™ system design, DGX Station for Windows is the ultimate deskside AI supercomputer bringing NVIDIA GB300 Grace Blackwell-class AI infrastructure directly into the Windows ecosystem — providing the compute needed to build, run and connect powerful AI agents to the applications and infrastructure Windows users already harness.  It can run frontier AI models up to 1 trillion parameters locally.

Stronger Windows security, reducing risk by default

Windows is strengthening its security foundation to reduce risk by default. New capabilities strengthen this foundation across key layers by reducing legacy risk, enforcing code trust and advancing cryptography. This raises the security bar at the platform level, protecting earlier in the lifecycle, not just after code runs.

• Prepare your applications for a post-quantum world on Windows. Windows continues to expand post-quantum cryptography (PQC) support across the platform, broadening algorithm coverage and integrating it more deeply into the platform. This includes PQ hybrid key exchange in the Windows TLS stack, support for composite PQC algorithms through Windows cryptography APIs (CNG) and certificate functions, and PQ certificate issuance via Active Directory Certificate Services (ADCS). Read more here.
• Move away from legacy authentication to stronger, more secure defaults, reducing exposure to known attack paths. IAKerb and LocalKDC (in WIP Server and Client) are configurable via new registry keys, helping reduce NTLM usage and enable stronger Kerberos-based authentication across more scenarios. Read more here.
• Ensure only trusted drivers run on your device by default. Driver signing now follows a higher security bar with an updated certification process. Windows is moving toward Windows Hardware Compatibility Program (WHCP) certified drivers as the default, with a staged transition from audit to enforcement and stronger trust requirements over time. Read more here.
• Protect devices from untrusted apps without disrupting users. Smart App Control for consumers and App Control for Business are expanding in coverage across millions of devices, with stronger reputation-based enforcement, new integration APIs and policy-driven control for enterprise environments.

Looking ahead

Build is always a moment to pause, reflect and look forward. As development continues to evolve, Windows will continue to provide developers with the flexibility to choose their tools, shape their workflows and decide how intelligence runs. Whether you’re building applications, deploying AI models or experimenting with agents, our goal is the same: to make Windows the best place to build - today and into the future. We’re excited to see what you create next. Join us throughout Build to learn more, explore the sessions and dive deeper into the updates shaping the Windows developer platform. [i] Source: NVIDIA. Based on 1 Theoretical FP4 TOPS using the sparsity feature. [ii] Microsoft Surface RTX Spark Dev Box and Surface Laptop Ultra are pre-release products. Products and features are subject to regulatory certification/approval; actual sale and delivery is contingent on compliance with applicable requirements.  

At Build 2025, we introduced the Prompt and Writing Assistance APIs in Microsoft Edge with the Phi-4-mini language model. Since then, we've heard from web developers, incorporated your feedback, and expanded Edge's on-device AI capabilities with new models and APIs. Today, we're introducing three updates:

1. A developer preview of the pre-release Aion-1.0-Instruct small language model for early testing and feedback.
2. The Language Detector and Translator APIs in Edge 148, powered by on-device, task-specific models.
3. Experimental on-device speech recognition with the Web Speech API, available in Edge Canary and Dev channels.

Developer preview of Aion-1.0-Instruct

For the past year, the Prompt and Writing Assistance APIs have used Phi-4-mini, a highly capable 4B-parameter language model, in Edge. While it delivers strong text understanding, reasoning, and instruction-following for web scenarios, the model's hardware requirements have limited its availability across devices. Today, we're introducing a developer preview of the pre-release Aion-1.0-Instruct small language model in Edge Canary and Dev channels. This language model is smaller, faster, and more efficient. It expands support to significantly more devices — including those with less capable GPUs and, through CPU-inference, devices without a GPU — while delivering strong quality for a wide range of web use-cases. https://www.youtube.com/watch?v=5RMUnykaFTY This preview allows you to evaluate Aion-1.0-Instruct in real-world web scenarios, test API interoperability, and provide feedback that will guide final optimizations, ahead of its planned open-source release on Hugging Face in July. To try out the model, explore the documentation for the Prompt API and Writing Assistance APIs, experiment with the playground samples, and share your feedback on GitHub.

Language Detector and Translator APIs in Edge 148

The Language Detector and Translator APIs enable websites and browser extensions to identify the language of text and translate between language pairs. These APIs are now available in Edge 148, powered by on-device, task-specific models built directly into the browser. They deliver fast, high-quality translation, support 145+ languages, and are optimized for translation workloads on the web. You can use these APIs from JavaScript in your site or extension, gaining improved user privacy, network independence, and zero translation costs compared to cloud-based services. In their simplest form, the Language Detector and Translator APIs can be used as shown:

// Create a Language Detector session.
const detector = await LanguageDetector.create();

// Detect the language of the text.
const results = await detector.detect(userText);

// Use the results.
for (const result of results) {
  // Show the full list of potential languages with their likelihood,
  // ranked from most likely to least likely.
  console.log(result.detectedLanguage, result.confidence);
}

// Create a Translator session.
const translator = await Translator.create({
  sourceLanguage: "es",
  targetLanguage: "en"
});

// Translate the text and wait for the translation to be done.
const translatedText = await translatorSession.translate(userText);

// Use the translation. 
console.log(translatedText);

https://www.youtube.com/watch?v=DRLG6jXEs50 To learn more, check out the documentation for the Language Detector API and Translator API, try our playground samples, and share your feedback in the Language Detector and Translator feedback issues on GitHub.

On-device speech recognition with the Web Speech API

The Web Speech API enables you to incorporate voice or audio input into websites and browser extensions. This API is typically backed by cloud-based services for speech recognition (speech-to-text) and synthesis (text-to-speech). In the latest Edge Canary and Dev channels, we're introducing a task-specific model that processes speech locally on the user's device. This on-device implementation improves user privacy, reduces latency, and unlocks low-connectivity scenarios that require network independence. Using the new on-device speech recognition capability requires only minor updates to your existing Web Speech API code, as shown:

// Create a SpeechRecognition instance.
const recognition = new SpeechRecognition();
recognition.lang = 'en-US';

// Use on-device speech recognition.
recognition.processLocally = true;

// Start speech recognition.
recognition.start();

https://www.youtube.com/watch?v=svw3dQn52YY To get started with on-device speech recognition, check out the documentation, try the playground demo, and share your feedback on GitHub.

Try it out and let us know

With the Aion-1.0-Instruct small language model, the new Language Detector and Translator APIs, and on-device speech recognition in Microsoft Edge, you can build AI-powered web experiences by leveraging models built into the browser, without relying on specialized hardware, cloud services, or domain-specific expertise. We invite you to explore these capabilities, experiment with the new models, and tell us what you build. Your feedback will shape the next iteration of on-device AI in Microsoft Edge, and we're excited to partner with you as we continue expanding what's possible for AI on the web.