As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache.

At its annual developer conference, Microsoft Build, the company unveiled a set of initiatives, including a new runtime containment offering for agentic AI workloads, Microsoft Execution Container (MXC), and improvements to its recently launched multi-agent vulnerability research system, MDASH, among others.

“AI is accelerating development and introducing new issues around insecure code, opaque models, data exposure, and compliance,” Aleš Holeček, chief architect at Microsoft Security, said in a blog post. The new tools and capabilities will “give developers clear guidance in real time, scale with the complexity of tasks, and provide security teams with a consistent view across the full lifecycle,” he added.

The idea of sandboxing untrusted code is not new: containers, VMs, browser sandboxes, and GitHub Codespaces all exist. What is new is that Microsoft is positioning MXC as a dedicated runtime containment environment for agentic AI workloads, in which autonomous agents take actions, invoke tools, modify code, and access resources.

Much has been said, and seen, about what happens when these agents have a little too much autonomy. Coding agents today can read files they should not, leak secrets, make unauthorized network calls, and take other unexpected actions.

Microsoft puts AI agents in a security sandbox

Microsoft Execution Containers are a new containment technology intended to place guardrails around autonomous AI agents.
It is a policy-driven execution environment that lets developers specify what an AI agent can access, such as files, networks, resources, and credentials, and then enforces those boundaries at runtime.

“MXC is a sandboxed code execution system for running untrusted code (model output, plugins, tools) on Windows, Linux, and macOS,” Microsoft’s official description of the offering reads. “It provides multiple containment backends — from OS-native process sandboxes to full VMs — behind a unified JSON configuration schema and TypeScript SDK.”

Build announcements also included two offerings Microsoft made public in May 2026: the Agent 365 SDK, which gives developers tools to build, deploy, and manage AI agents, and Windows 365 for Agents, a managed environment intended to give autonomous agents dedicated cloud-based workspaces.

Microsoft also laid out its plans for MXC as a security foundation for several agent platforms. Agent 365 will integrate with the framework to bring controls from Defender, Entra, Intune, and Purview to agent environments, while OpenClaw and NVIDIA’s OpenShell are already adopting MXC to run AI agents within isolated execution containers designed to limit risk and improve runtime security.

MDASH moves beyond a research project

While MXC fell under Microsoft’s “secure your agents” initiative at Build, the “secure your code” drive saw the company announce updates to its Security Multi-model Agentic Scanning Harness (MDASH).
The system is said to use more than 100 specialized AI agents operating across multiple models to identify vulnerabilities, assess exploitability, and reduce false positives before findings reach security teams. At Build, Microsoft positioned MDASH as part of a broader enterprise security workflow, announcing expanded preview availability and integration with Microsoft Defender.

MDASH was first introduced in May, when Microsoft said it had helped uncover multiple Windows vulnerabilities, including critical remote code execution flaws.

Open-source controls aim to govern agent behavior

Microsoft also used Build to introduce two open-source initiatives designed to address the governance challenges around AI agents.

The first, Adaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT), is intended to help organizations evaluate agent behavior against defined security and operational requirements.

The second, Agent Control Specifications (ACS), provides an open standard for defining and enforcing governance policies in a portable form that moves with the agent across frameworks, platforms, and runtimes instead of being tied to a single vendor’s technology stack.

Together, MXC, MDASH, ASSERT, and ACS sum up Microsoft’s attempt to secure the entire lifecycle of AI agents, from the code they generate to the actions they later take.
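The MXC passage above describes a policy-driven containment model: the developer declares which files, hosts, and credentials an agent may touch, and the runtime checks every action against that declaration. The TypeScript below is an added illustration of that enforcement model, written for this page; it is not MXC's JSON schema or SDK, none of the field names (workspace, fsReadRoots, allowedHosts, and so on) are MXC's, and the sample policy is constructed. It shows the checks such a gate has to get right: path canonicalisation so "../" cannot escape an allowed root, a deny list that wins over the allow list, exact-or-subdomain host matching, and rejection of unknown policy keys so that a typo fails closed rather than silently widening access.

```typescript
// Added example: a policy-driven gate that checks each agent action against a
// JSON allowlist before the action runs. Illustrative only; this is NOT MXC's
// configuration schema or SDK, and every field name below is an assumption.
import * as path from "node:path";

interface AgentPolicy {
  workspace: string;            // absolute directory that relative paths resolve against
  fsReadRoots: string[];        // directories the agent may read (relative to workspace)
  fsWriteRoots: string[];       // directories the agent may write
  deniedPathPatterns: RegExp[]; // never exposed, even inside an allowed root
  allowedHosts: string[];       // exact hostnames, plus their subdomains
  allowedEnv: string[];         // the only environment variables the agent may read
}

type Action =
  | { kind: "fs.read"; path: string }
  | { kind: "fs.write"; path: string }
  | { kind: "net.connect"; host: string; port: number }
  | { kind: "env.read"; name: string };

interface Decision { allow: boolean; reason: string }

// Parse the JSON form of the policy. Unknown keys are rejected so a typo such as
// "allowedHost" cannot silently yield a policy that allows nothing or everything.
function parsePolicy(json: string): AgentPolicy {
  const raw = JSON.parse(json) as Record<string, unknown>;
  const known = ["workspace", "fsReadRoots", "fsWriteRoots", "deniedPathPatterns", "allowedHosts", "allowedEnv"];
  for (const k of Object.keys(raw)) {
    if (!known.includes(k)) throw new Error(`unknown policy key: ${k}`);
  }
  const list = (k: string): string[] => {
    const v = raw[k];
    if (!Array.isArray(v) || !v.every((x) => typeof x === "string")) throw new Error(`${k} must be a string array`);
    return v;
  };
  const workspace = raw.workspace;
  if (typeof workspace !== "string" || !path.posix.isAbsolute(workspace)) {
    throw new Error("workspace must be an absolute path");
  }
  return {
    workspace,
    fsReadRoots: list("fsReadRoots"),
    fsWriteRoots: list("fsWriteRoots"),
    deniedPathPatterns: list("deniedPathPatterns").map((p) => new RegExp(p)),
    allowedHosts: list("allowedHosts").map((h) => h.toLowerCase()),
    allowedEnv: list("allowedEnv"),
  };
}

// True when target is the root itself or lies beneath it (both already canonical).
function within(root: string, target: string): boolean {
  const rel = path.posix.relative(root, target);
  return rel === "" || !(rel === ".." || rel.startsWith("../") || path.posix.isAbsolute(rel));
}

function evaluate(policy: AgentPolicy, action: Action): Decision {
  switch (action.kind) {
    case "fs.read":
    case "fs.write": {
      // Lexical resolution against the workspace collapses "../" so the request
      // cannot name a file outside the declared roots. Symlinks are not followed
      // here; a real enforcer would also realpath() the target.
      const target = path.posix.resolve(policy.workspace, action.path);
      if (policy.deniedPathPatterns.some((re) => re.test(target))) {
        return { allow: false, reason: `denied path pattern: ${target}` };
      }
      const roots = action.kind === "fs.read" ? policy.fsReadRoots : policy.fsWriteRoots;
      const ok = roots.some((r) => within(path.posix.resolve(policy.workspace, r), target));
      return ok
        ? { allow: true, reason: `${action.kind} inside allowed root` }
        : { allow: false, reason: `${action.kind} outside allowed roots: ${target}` };
    }
    case "net.connect": {
      // Exact match or a subdomain of an allowed host; "registry.npmjs.org.evil.example" fails.
      const host = action.host.toLowerCase();
      const ok = policy.allowedHosts.some((h) => host === h || host.endsWith("." + h));
      return ok
        ? { allow: true, reason: `host ${host} allowlisted` }
        : { allow: false, reason: `host ${host} not allowlisted` };
    }
    case "env.read":
      return policy.allowedEnv.includes(action.name)
        ? { allow: true, reason: `env ${action.name} allowlisted` }
        : { allow: false, reason: `env ${action.name} not allowlisted` };
    default:
      return { allow: false, reason: "unrecognised action kind" }; // fail closed
  }
}

// Constructed sample policy (not from any real deployment): the agent may read the
// whole workspace, write only under src/, reach only the package registry, and read
// one environment variable. .env files and .git/ are blocked everywhere.
const samplePolicyJson = JSON.stringify({
  workspace: "/srv/agent/work",
  fsReadRoots: ["."],
  fsWriteRoots: ["src"],
  deniedPathPatterns: ["(^|/)\\.env(\\..*)?$", "(^|/)\\.git/"],
  allowedHosts: ["registry.npmjs.org"],
  allowedEnv: ["NODE_ENV"],
});
```

The path check is deliberately the minimum: a production enforcer would also resolve symlinks and, more importantly, apply the policy from outside the agent's own process (a seccomp or AppContainer sandbox, or a VM), because a check that lives only inside the process it is meant to contain can be bypassed by the code it is containing.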