At Build, Microsoft Makes It Clear That Autonomous AI Is Here to Stay. Should You Be Worried?

(Credit: Microsoft)

Truly independent (and potentially sinister) AI agents have long been a societal fear, dating back to sci-fi radio shows in the 1950s. And, now more than ever, it’s scary to think about what autonomous AI can do with a seemingly limitless supply of data.

Thankfully, the AI agents Microsoft introduced at its 2025 Build developer conference seem to have an amicable goal: To help you streamline your business and developer processes. The press materials for Build include 296 mentions of the word agent, beating Copilot’s 154 mentions, so you know it’s the main theme this year.

What's Being Announced at Microsoft Build?

Below are some of the key new agent technologies Microsoft is unveiling:

An Agent2Agent (A2A) Protocol that enables communication between agents

Agentic Memory for Teams, so it can recall previous interactions

An Agentic retrieval engine in Azure AI Search (currently in preview) that takes advantage of conversational history

An Agent Store, with prebuilt agents from Microsoft and partners

An Azure AI Foundry Agent Service that lets developers build AI agents for business processes, such as coordinating healthcare

Azure AI Foundry Local, which enables developers to run agents on local macOS and Windows hardware

A Computer Using Agent that lets agents control desktop and web apps in a virtual machine

Entra Agent ID for authenticating AI agents (or coworkers, as Microsoft calls them) à la the human-concerned Active Directory

A Microsoft 365 Agents SDK for building agents in Office apps

A Microsoft 365 Copilot app for human-agent collaboration

The Entra identity for agents is key to Microsoft's strategy. "Agentic AI is gaining momentum for its ability to combine large language models with reasoning to deliver real outcomes," said IDC's group vice president of security and trust, Frank Dickson. "As we scale autonomous capabilities, identity becomes critical—robust authentication, access provisioning, fine-grained authorization, and governance are essential."

Agents will get Microsoft Entra identities, just like users

Microsoft is also announcing tools to help with creating agents. Copilot Tuning, for example, lets you train AI models on your business’s internal data and impose restrictions on its use and permissions.

Support for a couple of existing public protocols will help the widespread adoption of agents, too. The first is Model Context Protocol (MCP), which allows agents access to data and services and supports public or private repositories of the agents. The second is NLWeb, which Microsoft bills as the HTML of the agentic web. According to Microsoft’s press materials, “NLWeb makes it easy for websites to provide a conversational interface for their users with only a few lines of code, the model of their choice and their own data, allowing users to interact directly with web content in a rich, semantic manner.”

Diagram showing Model Context Protocol (MCP) support in Windows 11

Is Microsoft Taking Steps to Protect Against Agentic Threats?

Microsoft is leaning hard into AI agents, and these technologies indeed seem capable of making the web and Windows more powerful. But what about the nightmare scenario of uncontrolled and malicious AI? After all, rogue AI agents can do a lot of damage with access to all the sensitive data associated with the above products and services.

In a related blog post, Microsoft CVP David Weston acknowledges risks of attacks from a confused deputy exposing sensitive functionality, prompt injection, tool poisoning, unwanted remote access, and others. Weston says, “The goal for Windows 11 as an agentic OS is to provide the strongest fundamental security capabilities while also evolving and adapting to emerging threats.” Microsoft has itemized security principles for AI on Windows, too. It requires developers to employ the principle of least privilege and code isolation, meet a baseline set of security requirements, and put the user in control for sensitive operations.

Windows 11 will include technology controls to enforce those principles, including routing agentic interactions through a secure proxy for mediation, a requirement for top-level user authorization to access tools, a central server registry of trustworthy AI agent sources, and runtime isolation to limit the “blast radius” should an attack occur.

Will it be enough? Probably, in most cases. But I expect to see some security bumps in the road to agentic AI in Windows and elsewhere. It’s reassuring that Microsoft seems to be taking the issue seriously, at least. Weston states, “Security is not a one-time feature—it’s a continuous commitment.” Let’s hope the commitment is strong enough to avoid major catastrophes for your computer and beyond.

About Our Expert

Michael Muchmore

Contributor

My Experience

I've been testing PC and mobile software for more than 20 years, focusing on photo and video editing, operating systems, and web browsers. Prior to my current role, I covered software and apps for ExtremeTech and headed up PCMag’s enterprise software team. I’ve attended trade shows for Microsoft, Google, and Apple and written about all of them and their products.

I still get a kick out of seeing what's new in video and photo editing software, and how operating systems change over time. I was privileged to byline the cover story of the last print issue of PC Magazine, the Windows 7 review, and I’ve witnessed every Microsoft misstep and win, up to the latest Windows 11.

I’m an avid bird photographer and traveler—I’ve been to 40 countries, many with great birds! Because I’m also a classical music fan and former performer, I’ve reviewed streaming services that emphasize classical music.

Technology I Use

For everyday work, I use a good-old Dell tower with 16GB of RAM, a 12th-gen Intel Core i7 processor, and an Nvidia RTX 3060 Ti GPU that runs on Windows 11. I pair it with a 4K Lenovo ThinkVision P27u-10 monitor and a Logitech MX Vertical mouse. For offsite work, I use a 2024 Microsoft Surface Laptop with a Qualcomm Snapdragon X Elite processor. Camera-wise, I moved to mirrorless from a Canon EOS 80D with a Canon 70-300mm IS USM lens. I now have a Canon EOS R7 with a 100-400mm lens, but I miss my DSLR for several reasons.

In order of usage, the software I turn to most frequently is the Edge web browser, Slack, Adobe Creative Cloud, Microsoft 365, Firefox, Brave, and WhatsApp. I use the Windows Phone link app to see everything on my Samsung Galaxy S21 Ultra phone, which has excellent telephoto capability.

For fitness monitoring, I have a Fitbit Charge 6 and use an Anker Smart Scale P1. I’m also a streaming fan, so I subscribe to both Amazon Music Unlimited (especially for its Dolby Atmos content) and Qobuz (for its high-res sound quality and classical catalog). I recently added a Vizio 5.1 Soundbar SE, which sounds surprisingly good given its low price. To holler commands instead of using a remote control, I have the Amazon Fire TV Cube in the living room, which lets me verbally tell the TV what I want to watch. It hooks up to an LG B4 OLED TV. I have a Sonos One speaker in my kitchen that also ties in with Alexa, as does the Echo Dot 2 With Clock in my bedroom. For serious listening, I have B&W 601 speakers plugged into a Conrad-Johnson Sonographe amp and preamp, with a Cambridge Audio AXN10 streamer as source. For reading, I also have a Nook GlowLight 3.

Read the latest from Michael Muchmore

Read full bio