What is Microsoft’s MXC and How Does It Work?

 


Microsoft used its Build 2026 developer conference in San Francisco on June 2 to announce a layered security and governance framework for autonomous AI agents, introducing tools that span code-level vulnerability scanning, OS-level containment, and portable open-source policy standards.

Runtime Containment With MXC

Central to the announcement is the Microsoft Execution Containers (MXC) SDK, a cross-platform, policy-driven execution layer for AI agents running on Windows and Windows Subsystem for Linux. Rather than relying solely on application-level safeguards, MXC lets developers define constraints that Windows enforces at runtime, containing what agents can access and execute without eliminating their productivity value.

"Developers define what to constrain in their apps and agents, and Windows enforces those constraints consistently at runtime through MXC," Microsoft wrote in a Windows Developer Blog post announcing the early preview. The SDK integrates with Agent 365 and Microsoft Entra for identity-based policy controls, with Microsoft Defender telemetry built in.

NVIDIA announced same-day support for building AI agents on Windows PCs using tools compatible with the new security primitives.

MDASH Expands With 100-Plus Specialized Agents

Microsoft also revealed an expanded preview of MDASH, its multi-model agentic vulnerability scanning system first unveiled in May. The tool orchestrates more than 100 specialized AI agents to identify, validate, and verify exploitable flaws across codebases — filtering out noise to surface genuinely actionable risks.

At Build, Microsoft integrated MDASH into a broader enterprise control framework linking GitHub Security, Microsoft 365, and Purview.

Open-Source Governance: ASSERT and ACS

Alongside these platform-specific tools, Microsoft released two open-source projects designed to work across any agent framework. ASSERT (Adaptive Spec-driven Scoring for Evaluation and Regression Testing) converts organizational policies into concrete evaluation scenarios, surfacing safety defects before agents reach production. Agent Control Specification (ACS) provides a portable standard for placing deterministic safety controls at five checkpoints in an agent's lifecycle — input, LLM, state, tool execution, and output — expressed as versionable YAML policies.

"Think of ACS as the MCP or A2A of agent safety," Microsoft wrote, referring to Anthropic's Model Context Protocol and Google's Agent2Agent standard. Launch partners include IBM, KPMG, Zscaler, Arize AI, and CrewAI.

The announcements reflect Microsoft's bet that as enterprises move AI agents from experimentation to production, security and governance tooling — not just model capability — will determine platform adoption.