containment

AI agents have evolved from simple question-answering systems to autonomous entities that can perform actions across various platforms. This shift raises concerns about control and trust, necessitating a change in security paradigms. Developers are now required to integrate security into the architecture of their platforms to maintain trust in agent deployment. Microsoft has expanded Agent 365 to manage local agents on Windows, introducing policy-based controls to govern agent actions. The Microsoft Execution Containers (MXC) SDK provides a policy-driven execution layer for agents, allowing developers to define constraints and ensuring consistent enforcement at runtime. Windows supports various containment options, including process and session isolation, to mitigate risks associated with agent behavior. Micro-VMs and Linux containers are also being integrated into the containment model. Windows 365 for Agents enables agents to operate in a managed cloud environment, limiting potential compromises. Collaborations with industry leaders aim to align containment strategies with developer needs. The security model is built on a foundation designed to minimize risk, incorporating features like passwordless sign-in and real-time protection through Windows Defender. The focus remains on enabling developers to create secure, governable agents for real-world deployment.