[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-microsoft-build-2026-securing-code-agents-models-en":3,"article-related-microsoft-build-2026-securing-code-agents-models-en":30,"series-industry-2a50a3e6-3552-4dc4-9774-a062f0593447":73},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":22,"views":26,"created_at":27,"published_at":28,"topic_cluster_id":29},"2a50a3e6-3552-4dc4-9774-a062f0593447","microsoft-build-2026-securing-code-agents-models-en","Microsoft Build 2026: Securing code, agents, and models","\u003Cp data-speakable=\"summary\">\u003Ca href=\"\u002Ftag\u002Fmicrosoft\">Microsoft\u003C\u002Fa> announced new security tools for code, agents, and models across the development lifecycle.\u003C\u002Fp>\u003Cp>Microsoft used Build 2026 to push a simple message: AI speed without security is a bad trade. The company says its new tools span code scanning, agent governance, and model protection, with MDASH previewing a pipeline of more than 100 \u003Ca href=\"\u002Ftag\u002Fai-agents\">AI agents\u003C\u002Fa> and Agent 365 expanding into local agent oversight.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Item\u003C\u002Fth>\u003Cth>What Microsoft said\u003C\u002Fth>\u003Cth>Why it matters\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>MDASH\u003C\u002Ftd>\u003Ctd>More than 100 specialized AI agents\u003C\u002Ftd>\u003Ctd>Finds and validates exploitable code issues\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>CyberGym score\u003C\u002Ftd>\u003Ctd>96.55%\u003C\u002Ftd>\u003Ctd>Shows recent benchmark progress\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Signals\u003C\u002Ftd>\u003Ctd>Over 100 trillion per day\u003C\u002Ftd>\u003Ctd>Feeds risk detection at enterprise scale\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Agent 365\u003C\u002Ftd>\u003Ctd>More than 20 local agent types\u003C\u002Ftd>\u003Ctd>Tracks coding agents, desktop apps, and MCP servers\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>Microsoft is pushing security earlier in the dev loop\u003C\u002Fh2>\u003Cp>The core argument in Microsoft’s \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F06\u002F02\u002Fmicrosoft-build-2026-securing-code-agents-and-models-across-the-development-lifecycle\u002F\" target=\"_blank\" rel=\"noopener\">Microsoft Security Blog\u003C\u002Fa> post is that security cannot sit at the end of the pipeline anymore. Developers are using AI tools to move faster, while security teams are trying to keep up with more code, more agents, and more data paths than traditional controls were built for.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782903775971-4vnt.png\" alt=\"Microsoft Build 2026: Securing code, agents, and models\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Microsoft is responding by folding security into the places developers already work: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsecurity\u002Fadvanced-security\" target=\"_blank\" rel=\"noopener\">GitHub Code Security\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fendpoint-security\u002Fmicrosoft-defender-endpoint\" target=\"_blank\" rel=\"noopener\">Microsoft Defender\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fidentity-access\u002Fmicrosoft-entra\" target=\"_blank\" rel=\"noopener\">Microsoft Entra\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fendpoint-management\u002Fmicrosoft-intune\" target=\"_blank\" rel=\"noopener\">Microsoft Intune\u003C\u002Fa>. That matters because the old model, where security reviews arrive late and slow everything down, breaks once AI starts generating code and spinning up agents at scale.\u003C\u002Fp>\u003Cp>The company’s pitch is operational, not abstract. It wants to identify real exploit paths, enrich findings with production context, and route fixes back into developer workflows before issues harden into incidents. That is a more practical goal than blanket scanning, and it matches how modern teams actually ship software.\u003C\u002Fp>\u003Cul>\u003Cli>MDASH is in expanded preview for eligible organizations.\u003C\u002Fli>\u003Cli>GitHub Defender integration is generally available.\u003C\u002Fli>\u003Cli>Agent 365 SDK is generally available.\u003C\u002Fli>\u003Cli>Windows 365 for Agents is generally available.\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>MDASH is built to find exploitable bugs, not noise\u003C\u002Fh2>\u003Cp>The most interesting piece here is \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F\" target=\"_blank\" rel=\"noopener\">MDASH\u003C\u002Fa>, short for Microsoft Security multi-model agentic scanning harness. Microsoft says it uses a configurable panel of models, from stronger reasoning models to cheaper ones for high-volume work, then coordinates more than 100 specialized agents to discover, validate, and prove exploitability across codebases in popular languages.\u003C\u002Fp>\u003Cp>That detail matters. A lot of security tools can flag suspicious code. Far fewer can prove whether a weakness is actually exploitable in context. Microsoft is betting that an agentic system, with multiple models and a lot of orchestration, can cut through false positives better than a single model or a rules-only scanner.\u003C\u002Fp>\u003Cblockquote>“What Microsoft is building with MDASH reflects a meaningful shift from reactive, rule-based scanning to agentic systems that can reason across complex codebases like a skilled security researcher,” says Kris Burkhardt, Chief Information Security Officer at Accenture.\u003C\u002Fblockquote>\u003Cp>Microsoft also says MDASH recently rose about 10% in less than three weeks to a CyberGym \u003Ca href=\"\u002Ftag\u002Fbenchmark\">benchmark\u003C\u002Fa> score of 96.55%. That is a strong number, but the more useful signal is the combination of benchmark progress and productization. Microsoft is not presenting this as a lab demo. It is framing MDASH as something that can sit in enterprise workflows and help teams decide what to fix first.\u003C\u002Fp>\u003Cp>There is also a scale argument behind the system. Microsoft cites more than 100 trillion signals a day, which suggests the company wants exploit detection to be informed by broad telemetry, not just static code analysis. That kind of scale only helps if the output stays actionable, and that is exactly what Microsoft is trying to prove.\u003C\u002Fp>\u003Cul>\u003Cli>MDASH uses more than 100 specialized AI agents.\u003C\u002Fli>\u003Cli>Microsoft says the system works across popular programming languages.\u003C\u002Fli>\u003Cli>The CyberGym score mentioned in the post is 96.55%.\u003C\u002Fli>\u003Cli>Microsoft says it processes over 100 trillion signals per day.\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>Defender and GitHub now share more runtime context\u003C\u002Fh2>\u003Cp>Microsoft is also pairing MDASH with a more immediate workflow change: the integration between \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsecurity\u002Fadvanced-security\" target=\"_blank\" rel=\"noopener\">GitHub Code Security\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fendpoint-security\u002Fmicrosoft-defender-endpoint\" target=\"_blank\" rel=\"noopener\">Microsoft Defender\u003C\u002Fa>. This part is generally available, and it matters because it brings production signals into the development process.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782903772311-guhd.png\" alt=\"Microsoft Build 2026: Securing code, agents, and models\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>Instead of treating every vulnerability the same, Microsoft says findings can be enriched with runtime facts such as internet exposure and data sensitivity. That gives security teams a better shot at prioritizing the bugs that could actually hurt the business. It also gives developers a clearer target when they use AI-assisted remediation through \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffeatures\u002Fcopilot\" target=\"_blank\" rel=\"noopener\">GitHub Copilot\u003C\u002Fa> Autofix and the Copilot cloud agent.\u003C\u002Fp>\u003Cp>Microsoft is careful to wrap this in access controls too. Role-based permissions are meant to keep sensitive findings in the right hands, which is important when the same pipeline handles both confirmed vulnerabilities and potential weaknesses. The point is to keep the workflow fast without turning every alert into a free-for-all.\u003C\u002Fp>\u003Cp>For teams already buried in security debt, this is the most immediately practical part of the announcement. It does not require a new mental model. It just connects code, production context, and remediation in one place.\u003C\u002Fp>\u003Ch2>Agents now need identity, policy, and runtime control\u003C\u002Fh2>\u003Cp>Microsoft’s second big theme is that agents are becoming part of the application stack, which means they need the same kind of governance that apps and services already get. The company is extending \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fidentity-access\u002Fmicrosoft-entra\" target=\"_blank\" rel=\"noopener\">Agent 365\u003C\u002Fa> so developers can add observability, access controls, and compliance checks directly into agent design and deployment.\u003C\u002Fp>\u003Cp>That is paired with runtime controls on Windows. Microsoft says the \u003Ca href=\"https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002Fwindows\u002Fai\u002Fagent-execution-container\u002F\" target=\"_blank\" rel=\"noopener\">Microsoft Execution Container\u003C\u002Fa> SDK gives OS-level control over agent execution, while \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fwindows-365\u002Fenterprise\u002F\" target=\"_blank\" rel=\"noopener\">Windows 365 for Agents\u003C\u002Fa> can run agents inside an isolated, policy-governed Cloud PC. In plain English: Microsoft wants agents to be observable, bounded, and easier to shut down if they misbehave.\u003C\u002Fp>\u003Cp>Agent 365 is also getting an \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fbusiness\u002Fendpoint-management\u002Fmicrosoft-intune\" target=\"_blank\" rel=\"noopener\">Intune\u003C\u002Fa>-backed registry for unmanaged local agents. Microsoft says it can surface more than 20 local agent types, including coding agents, AI desktop apps, and local or remote \u003Ca href=\"https:\u002F\u002Fmodelcontextprotocol.io\u002F\" target=\"_blank\" rel=\"noopener\">Model Context Protocol\u003C\u002Fa> servers. That is a direct response to agent sprawl, which is already becoming a real headache for security teams.\u003C\u002Fp>\u003Cul>\u003Cli>Agent 365 SDK is generally available.\u003C\u002Fli>\u003Cli>Microsoft says the registry can surface more than 20 local agent types.\u003C\u002Fli>\u003Cli>Windows 365 for Agents is generally available.\u003C\u002Fli>\u003Cli>Local and remote MCP servers are included in the registry scope.\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>The real story is control, not just capability\u003C\u002Fh2>\u003Cp>Microsoft’s Build 2026 security message is less about flashy AI demos and more about control points. The company is trying to answer a question every enterprise will face this year: if models can write code, agents can act on it, and security tools can inspect both, where do you put the guardrails?\u003C\u002Fp>\u003Cp>The answer Microsoft is offering is layered. MDASH tries to prove exploitability. Defender and \u003Ca href=\"\u002Ftag\u002Fgithub\">GitHub\u003C\u002Fa> Code Security add runtime context. Agent 365 brings identity and governance to agents. Purview adds data controls for exfiltration and risk discovery. Put together, that is a stack meant to keep AI development moving while reducing the chance that speed turns into exposure.\u003C\u002Fp>\u003Cp>The strongest signal here is not any single product. It is that Microsoft is treating agent security as a full lifecycle problem, from code to runtime to data. If MDASH keeps improving and Agent 365 gets broad adoption, the next obvious question is whether other cloud and security vendors can match this level of integration, or whether Microsoft will define the default operating model for \u003Ca href=\"\u002Ftag\u002Fenterprise-ai\">enterprise AI\u003C\u002Fa> security.\u003C\u002Fp>","Microsoft is adding agentic security tools across code, agents, and models, including MDASH, Agent 365, and Defender integrations.","www.microsoft.com","https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fsecurity\u002Fblog\u002F2026\u002F06\u002F02\u002Fmicrosoft-build-2026-securing-code-agents-and-models-across-the-development-lifecycle\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782903775971-4vnt.png","industry","en","a0b99632-c8ec-4590-8549-4f9cbbb48b88",[17,18,19,20,21],"Microsoft Build 2026","MDASH","Agent 365","GitHub Code Security","Microsoft Defender",[23,24,25],"Microsoft is moving security earlier in the development cycle with tools for code, agents, and models.","MDASH uses more than 100 AI agents and a multi-model setup to find exploitable vulnerabilities.","Agent 365, Defender, Intune, and Windows 365 are becoming the control layer for enterprise agents.",0,"2026-07-01T11:02:29.750881+00:00","2026-07-01T11:02:29.731+00:00","3c252188-64cf-44be-a480-13401312c922",{"tags":31,"relatedLang":32,"relatedPosts":36},[],{"id":15,"slug":33,"title":34,"language":35},"microsoft-build-2026-securing-code-agents-models-zh","Microsoft Build 2026：先管住 AI 再談加速","zh",[37,43,49,55,61,67],{"id":38,"slug":39,"title":40,"cover_image":41,"image_url":41,"created_at":42,"category":13},"777fb6b4-cb95-4faf-8ba2-c915ec340a22","bootdev-go-course-turns-syntax-into-services-en","Boot.dev’s Go course turns syntax into services","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782908267986-zkta.png","2026-07-01T12:17:23.153094+00:00",{"id":44,"slug":45,"title":46,"cover_image":47,"image_url":47,"created_at":48,"category":13},"17d21a9f-2d64-49c0-8a04-fa24d2fab8c6","suse-openchip-risc-v-eu-sovereign-stack-en","SUSE and Openchip turn RISC-V into an EU stack","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782907407926-u3lb.png","2026-07-01T12:02:56.604284+00:00",{"id":50,"slug":51,"title":52,"cover_image":53,"image_url":53,"created_at":54,"category":13},"5040a23c-22d0-47ab-94a5-e10ca77708cb","risc-v-hobbyists-open-hardware-obsession-en","RISC-V hobbyists are proving open hardware still rewards obsession","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782906473059-5j1x.png","2026-07-01T11:47:21.943456+00:00",{"id":56,"slug":57,"title":58,"cover_image":59,"image_url":59,"created_at":60,"category":13},"2556ac13-b8df-462c-be84-5329736ef75e","pentagon-agent-network-ai-battle-decisions-en","Pentagon’s Agent Network speeds AI battle decisions","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782902875963-uxp2.png","2026-07-01T10:47:22.497964+00:00",{"id":62,"slug":63,"title":64,"cover_image":65,"image_url":65,"created_at":66,"category":13},"18bc1f11-955c-4b08-aca6-0b3d19d7a3f0","codex-openai-coding-agent-real-work-en","Codex is OpenAI’s coding agent for real work","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782900170418-bnnh.png","2026-07-01T10:02:23.007076+00:00",{"id":68,"slug":69,"title":70,"cover_image":71,"image_url":71,"created_at":72,"category":13},"f42a2e7a-4d28-4211-94ab-570e53975969","vcs-fund-ai-coding-security-first-en","VCs Should Fund AI Coding, But Only If Security Comes First","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782897466736-cavr.png","2026-07-01T09:17:21.927016+00:00",[74,79,84,89,94,99,104,109,114,119],{"id":75,"slug":76,"title":77,"created_at":78},"d35a1bd9-e709-412e-a2df-392df1dc572a","ai-impact-2026-developments-market-en","AI's Impact in 2026: Key Developments and Market Shifts","2026-03-25T16:20:33.205823+00:00",{"id":80,"slug":81,"title":82,"created_at":83},"5ed27921-5fd6-492e-8c59-78393bf37710","trumps-ai-legislative-framework-en","Trump's AI Legislative Framework: What's Inside?","2026-03-25T16:22:20.005325+00:00",{"id":85,"slug":86,"title":87,"created_at":88},"e454a642-f03c-4794-b185-5f651aebbaca","nvidia-gtc-2026-key-highlights-innovations-en","NVIDIA GTC 2026: Key Highlights and Innovations","2026-03-25T16:22:47.882615+00:00",{"id":90,"slug":91,"title":92,"created_at":93},"0ebb5b16-774a-4922-945d-5f2ce1df5a6d","claude-usage-diversifies-learning-curves-en","Claude Usage Diversifies, Learning Curves Emerge","2026-03-25T16:25:50.770376+00:00",{"id":95,"slug":96,"title":97,"created_at":98},"69934e86-2fc5-4280-8223-7b917a48ace8","openclaw-ai-commoditization-concerns-en","OpenClaw's Rise Raises Concerns of AI Model Commoditization","2026-03-25T16:26:30.582047+00:00",{"id":100,"slug":101,"title":102,"created_at":103},"b4b2575b-2ac8-46b2-b90e-ab1d7c060797","google-gemini-ai-rollout-2026-en","Google's Gemini AI Rollout Extended to 2026","2026-03-25T16:28:14.808842+00:00",{"id":105,"slug":106,"title":107,"created_at":108},"6e18bc65-42ae-4ad0-b564-67d7f66b979e","meta-llama4-fabricated-results-scandal-en","Meta's Llama 4 Scandal: Fabricated AI Test Results Unveiled","2026-03-25T16:29:15.482836+00:00",{"id":110,"slug":111,"title":112,"created_at":113},"bf888e9d-08be-4f47-996c-7b24b5ab3500","accenture-mistral-ai-deployment-en","Accenture and Mistral AI Team Up for AI Deployment","2026-03-25T16:31:01.894655+00:00",{"id":115,"slug":116,"title":117,"created_at":118},"5382b536-fad2-49c6-ac85-9eb2bae49f35","mistral-ai-high-stakes-2026-en","Mistral AI: Facing High Stakes in 2026","2026-03-25T16:31:39.941974+00:00",{"id":120,"slug":121,"title":122,"created_at":123},"9da3d2d6-b669-4971-ba1d-17fdb3548ed5","cursors-meteoric-rise-pressures-en","Cursor's Meteoric Rise Faces Industry Pressures","2026-03-25T16:32:21.899217+00:00"]