Building Agents You Can Trust on Windows | BRK262
Kirupa Chinnathambi, Stuart Schaefer, and Patrick Nikoletich explain how Windows is evolving to support AI agents that can take real actions (run commands, modify files, move data) while staying within clear safety boundaries, including identity, containment, and ongoing supervision.
Overview
This Microsoft Build 2026 breakout focuses on Windows “primitives” for building trustworthy, action-taking AI agents. The session shows how agents can:
- Discover what capabilities are available on a system
- Reason and plan actions
- Execute AI-powered activities across the OS
- Stay within boundaries enforced by Windows via permission scoping, inspection, developer tool capabilities, and rollback
Key problems addressed: autonomy and risk
The speakers frame the core challenge: modern agents are increasingly autonomous and can perform high-impact operations (commands, file changes, data movement). That autonomy creates risks when:
- The agent’s permissions don’t match the user’s intent
- The agent can access more of the system than it should
- There isn’t sufficient inspection, supervision, or recovery when something goes wrong
Windows approach: making agents “safe by design”
The breakout positions Windows as a platform layer that can provide consistent safety controls for agent execution, including:
- Permission scoping: limiting what an agent can do and where it can do it
- Inspection: enabling review of, and visibility into, what the agent is attempting or has already done
- Developer tool capabilities: platform support for building and debugging agent behaviors safely
- Rollback: recovery mechanisms to undo or revert changes
Agent identity
A major theme is the concept of agent identity:
- Treating an agent as a distinct actor with its own identity characteristics
- Using that identity to reason about what the agent is allowed to do
- Demonstrating how identity ties into the broader safety model
Containment and Microsoft Execution Containers (MXC)
The session introduces Microsoft Execution Containers (MXC) as part of the containment story.
Containment principle
- Agents should run in a constrained environment that reduces the blast radius of any action they take
- The platform should enforce boundaries even if the agent behaves unexpectedly
Demo highlights
The speakers show:
- Sandbox configuration using MXC
- A malicious agent test to demonstrate how containment limits harmful actions
Manageability and continuous supervision
Another pillar is manageability, described as ongoing control and oversight of agent behavior, including continuous supervision rather than one-time approval.
GitHub Copilot sandboxing integration
The breakout also calls out GitHub Copilot sandboxing integration, including CLI-oriented demos, to show how developer tooling can plug into Windows safety primitives so that agentic workflows remain controlled.
Session structure (chapters)
- Introduction and session overview
- Current problems with AI agents and risks of autonomy
- GitHub Copilot insights and permission mismatch issues
- Windows' role in making agents safe by design
- Agent identity concept and demonstration
- Containment principle and Microsoft Execution Containers (MXC) introduction
- MXC demo: sandbox configuration and malicious agent test
- Agent manageability and continuous supervision
- GitHub Copilot sandboxing integration and CLI demos
- Summary: identity, containment, manageability, and Windows ecosystem integration
Resources
- https://aka.ms/build26-next-steps
- Microsoft Build sessions: https://build.microsoft.com