By OraCore Editors

Microsoft Build 2026: Securing code, agents, and models

Microsoft is adding agentic security tools across code, agents, and models, including MDASH, Agent 365, and Defender integrations.

Microsoft announced new security tools for code, agents, and models across the development lifecycle.

Microsoft used Build 2026 to push a simple message: AI speed without security is a bad trade. The company says its new tools span code scanning, agent governance, and model protection, with MDASH previewing a pipeline of more than 100 AI agents and Agent 365 expanding into local agent oversight.

| Item | What Microsoft said | Why it matters |
| --- | --- | --- |
| MDASH | More than 100 specialized AI agents | Finds and validates exploitable code issues |
| CyberGym score | 96.55% | Shows recent benchmark progress |
| Signals | Over 100 trillion per day | Feeds risk detection at enterprise scale |
| Agent 365 | More than 20 local agent types | Tracks coding agents, desktop apps, and MCP servers |

Microsoft is pushing security earlier in the dev loop

The core argument of the Microsoft Security Blog post is that security cannot sit at the end of the pipeline anymore. Developers are using AI tools to move faster, while security teams are trying to keep up with more code, more agents, and more data paths than traditional controls were built for.

Microsoft is responding by folding security into the places developers already work: GitHub Code Security, Microsoft Defender, Microsoft Entra, and Microsoft Intune. That matters because the old model, where security reviews arrive late and slow everything down, breaks once AI starts generating code and spinning up agents at scale.

The company’s pitch is operational, not abstract. It wants to identify real exploit paths, enrich findings with production context, and route fixes back into developer workflows before issues harden into incidents. That is a more practical goal than blanket scanning, and it matches how modern teams actually ship software.

  • MDASH is in expanded preview for eligible organizations.
  • The GitHub Code Security integration with Microsoft Defender is generally available.
  • Agent 365 SDK is generally available.
  • Windows 365 for Agents is generally available.

MDASH is built to find exploitable bugs, not noise

The most interesting piece here is MDASH, short for Microsoft Security multi-model agentic scanning harness. Microsoft says it uses a configurable panel of models, from stronger reasoning models to cheaper ones for high-volume work, then coordinates more than 100 specialized agents to discover, validate, and prove exploitability across codebases in popular languages.

That detail matters. A lot of security tools can flag suspicious code. Far fewer can prove whether a weakness is actually exploitable in context. Microsoft is betting that an agentic system, with multiple models and a lot of orchestration, can cut through false positives better than a single model or a rules-only scanner.

“What Microsoft is building with MDASH reflects a meaningful shift from reactive, rule-based scanning to agentic systems that can reason across complex codebases like a skilled security researcher,” says Kris Burkhardt, Chief Information Security Officer at Accenture.

Microsoft also says MDASH recently rose about 10% in less than three weeks to a CyberGym benchmark score of 96.55%. That is a strong number, but the more useful signal is the combination of benchmark progress and productization. Microsoft is not presenting this as a lab demo. It is framing MDASH as something that can sit in enterprise workflows and help teams decide what to fix first.

There is also a scale argument behind the system. Microsoft cites more than 100 trillion signals a day, which suggests the company wants exploit detection to be informed by broad telemetry, not just static code analysis. That kind of scale only helps if the output stays actionable, and that is exactly what Microsoft is trying to prove.

  • MDASH uses more than 100 specialized AI agents.
  • Microsoft says the system works across popular programming languages.
  • The CyberGym score mentioned in the post is 96.55%.
  • Microsoft says it processes over 100 trillion signals per day.

Defender and GitHub now share more runtime context

Microsoft is also pairing MDASH with a more immediate workflow change: the integration between GitHub Code Security and Microsoft Defender. This part is generally available, and it matters because it brings production signals into the development process.

Instead of treating every vulnerability the same, Microsoft says findings can be enriched with runtime facts such as internet exposure and data sensitivity. That gives security teams a better shot at prioritizing the bugs that could actually hurt the business. It also gives developers a clearer target when they use AI-assisted remediation through GitHub Copilot Autofix and the Copilot cloud agent.

Microsoft is careful to wrap this in access controls too. Role-based permissions are meant to keep sensitive findings in the right hands, which is important when the same pipeline handles both confirmed vulnerabilities and potential weaknesses. The point is to keep the workflow fast without turning every alert into a free-for-all.

For teams already buried in security debt, this is the most immediately practical part of the announcement. It does not require a new mental model. It just connects code, production context, and remediation in one place.

Agents now need identity, policy, and runtime control

Microsoft’s second big theme is that agents are becoming part of the application stack, which means they need the same kind of governance that apps and services already get. The company is extending Agent 365 so developers can add observability, access controls, and compliance checks directly into agent design and deployment.

That is paired with runtime controls on Windows. Microsoft says the Microsoft Execution Container SDK gives OS-level control over agent execution, while Windows 365 for Agents can run agents inside an isolated, policy-governed Cloud PC. In plain English: Microsoft wants agents to be observable, bounded, and easier to shut down if they misbehave.

Agent 365 is also getting an Intune-backed registry for unmanaged local agents. Microsoft says it can surface more than 20 local agent types, including coding agents, AI desktop apps, and local or remote Model Context Protocol servers. That is a direct response to agent sprawl, which is already becoming a real headache for security teams.

  • Agent 365 SDK is generally available.
  • Microsoft says the registry can surface more than 20 local agent types.
  • Windows 365 for Agents is generally available.
  • Local and remote MCP servers are included in the registry scope.

The real story is control, not just capability

Microsoft’s Build 2026 security message is less about flashy AI demos and more about control points. The company is trying to answer a question every enterprise will face this year: if models can write code, agents can act on it, and security tools can inspect both, where do you put the guardrails?

The answer Microsoft is offering is layered. MDASH tries to prove exploitability. Defender and GitHub Code Security add runtime context. Agent 365 brings identity and governance to agents. Purview adds data controls for exfiltration and risk discovery. Put together, that is a stack meant to keep AI development moving while reducing the chance that speed turns into exposure.

The strongest signal here is not any single product. It is that Microsoft is treating agent security as a full lifecycle problem, from code to runtime to data. If MDASH keeps improving and Agent 365 gets broad adoption, the next obvious question is whether other cloud and security vendors can match this level of integration, or whether Microsoft will define the default operating model for enterprise AI security.