Microsoft on Monday unveiled the Surface RTX Spark Dev Box, a compact desktop computer designed to let software developers run large AI models on their desks instead of paying for cloud computing — a move that directly challenges the per-token pricing model that has defined the AI industry’s economics since ChatGPT launched three and a half years ago.

The device, announced at Microsoft Build 2026, packs Nvidia’s new Blackwell-architecture RTX Spark processor and 128 gigabytes of unified memory into a small-form-factor chassis, delivering what Nvidia rates at one petaflop of AI compute. In practical terms, that means a developer can load, run and interact with AI models exceeding 120 billion parameters without sending a single API call to the cloud.

“These class of devices, we think, will get to about 100 billion parameter model running,” Pavan Davuluri, Microsoft’s executive vice president of Windows and Devices, said during a press briefing ahead of the event. He emphasized that raw model size is only part of the equation: “The model size is one thing, but for the model to be effective, it kind of needs to be able to have enough context, because a larger model, you feed it larger context.” At 100,000 tokens of context, he noted, the key-value cache alone can consume 40 to 50 gigabytes of memory — which is precisely why Microsoft and Nvidia engineered the device around a 128-gigabyte unified memory pool shared dynamically between the CPU and GPU.

The machine will be available later this year in the United States, sold exclusively through Microsoft.com. The company did not disclose pricing.

Why Microsoft is betting that AI’s future runs on fixed costs, not cloud meters

The Surface RTX Spark Dev Box arrives at a moment when the economics of AI development have become a boardroom-level concern. Companies large and small are grappling with cloud GPU bills that scale unpredictably: every fine-tuning run, every inference call, every agentic workflow that loops through a frontier model accumulates cost. For a developer iterating rapidly on a prototype — running the same model dozens or hundreds of times a day — those charges compound fast.

Microsoft is framing the Dev Box as a release valve for that pressure. Andrew Hill, corporate vice president of Surface, wrote in the announcement blog post that the device “changes that equation” by letting developers “reserve frontier model calls for truly frontier problems and handle the rest on their own hardware.” The pitch is not that cloud computing is obsolete, but that much of the work currently being sent to remote data centers does not require state-of-the-art models and would be better served by capable local hardware with predictable, fixed costs.

This is a significant strategic shift for Microsoft, a company that derives tens of billions of dollars in annual revenue from Azure cloud services. By selling hardware that explicitly reduces customers’ cloud dependency, Microsoft is acknowledging a tension that has been building across the industry: the marginal cost of AI inference at scale is unsustainable for many teams, and the market is demanding alternatives. The bet appears to be that developers who prototype locally will still deploy to Azure when they need to scale — and that owning both ends of that workflow is more valuable than owning only the cloud.

Inside the 128GB unified memory architecture that makes local AI possible

The technical architecture of the Dev Box reflects a set of deliberate engineering choices aimed at sustained, not peak, performance — a distinction that matters enormously for AI workloads that can run for hours.

At the center is Nvidia’s RTX Spark system-on-chip, which combines an ultra-efficient ARM-based CPU with a Blackwell-generation RTX GPU. In a traditional Windows PC, Davuluri explained during the briefing, this configuration would require four separate components: a CPU, a discrete GPU, dedicated graphics memory and system RAM. The RTX Spark collapses all of that into a single chip paired with a single unified memory pool.

That unification is the critical design decision. Conventional gaming laptops with high-end Nvidia GPUs top out at roughly 24 gigabytes of GPU-accessible memory. The Dev Box’s 128 gigabytes of unified memory — accessible to both the CPU and GPU through what Nvidia calls its Unified Memory Access architecture — is what makes it possible to load models that would otherwise require cloud GPU instances with specialty high-bandwidth memory configurations.

Microsoft did substantial work at the operating system level to exploit this architecture. The company implemented new memory management logic in Windows that raises the ceiling on how much system memory the GPU can address, introduces smarter page-size allocation for shared memory regions and ensures that heavy GPU workloads do not starve the CPU of the resources it needs for multitasking. The Windows scheduler was also optimized for RTX Spark’s heterogeneous core layout, routing demanding workloads to performance cores while keeping efficiency cores available for background tasks.

How a 3D-printed aluminum chassis doubles as a heatsink

The thermal design is equally deliberate. The Dev Box operates within an approximately 100-watt sustained thermal envelope — modest by desktop standards, but meaningful for a device intended to run training jobs and inference workloads continuously. The aluminum chassis itself is engineered to function as a passive heatsink, and the method Microsoft used to build it is among the most striking details about the machine.

The top panel is manufactured using metal 3D printing, a process that enables internal geometries too complex for conventional CNC machining or injection molding. The perforations are not simple through-holes; they are angled in multiple directions around the internal fan to optimize airflow from cold-air intake through heat dissipation. During the press briefing, Harry, a Surface industrial designer, explained the rationale: “The complexity is something other manufacturers wouldn’t be able to do, like CNC, or like any molding, because of the complexity of shape.”

When asked whether 3D printing would constrain mass production, the designer acknowledged the challenge but suggested Microsoft had developed a process robust enough to scale. The result is a machine that runs quietly enough for an open office while sustaining the kind of continuous GPU workloads that would throttle most conventional desktops of similar size. For a device that Microsoft expects developers to leave running overnight on fine-tuning jobs, quiet sustained performance is not a luxury — it is a requirement.

A developer-first setup that eliminates hours of configuration

Microsoft is shipping the Dev Box with Windows 11 Pro pre-configured at the image level for development work — a detail that sounds minor but reflects a growing recognition that the out-of-box experience for developer hardware has historically been poor.

The machine boots into a dark theme with a simplified taskbar, widgets removed and Do Not Disturb enabled. Developer Mode is turned on. PowerShell 7 is the default shell. WSL 2 — the Windows Subsystem for Linux — comes pre-installed with GPU passthrough and CUDA support already configured. Visual Studio Code, GitHub Copilot, Git, Python and Node.js are all installed and ready.

“We’ve said, ‘Hey, you know what, we got you, you want to go fast,’” a Microsoft engineer who demonstrated the configuration during the briefing told VentureBeat. The philosophy, he explained, is that developers were going to install all of these tools anyway — the friction was in the hours of setup and configuration that stood between unboxing a machine and writing the first line of code.

The Dev Box also ships with integration points across Microsoft’s AI stack: AI Toolkit for VS Code for model conversion and fine-tuning, Windows ML and Windows Copilot Runtime for local inference, and Microsoft Foundry for connecting local prototypes to cloud deployment pipelines. For enterprises, the device integrates with Entra ID and Intune for identity and device management, and includes Secured-core PC architecture, BitLocker encryption and Microsoft Defender.

Why Apple’s Mac Mini may not be the real competition anymore

The most obvious competitive comparison is Apple’s Mac Mini, which has dominated the compact-desktop category and has been widely adopted by developers drawn to Apple Silicon’s unified memory architecture and power efficiency.

Davuluri addressed the comparison directly during the briefing, saying the Dev Box is “in a different class of performance than Mac Minis, intentionally.” He declined to share specific benchmarks, noting that detailed specifications and performance targets would come closer to the fall launch. But the architectural advantage Microsoft is claiming is clear: while the current Mac Mini with M4 Pro tops out at 48 gigabytes of unified memory and the M4 Max configuration reaches 128 gigabytes, the RTX Spark Dev Box pairs its 128 gigabytes with a Blackwell-class GPU that has a fundamentally different CUDA-based compute model — one that the vast majority of the AI/ML ecosystem’s tooling (PyTorch, TensorRT, llama.cpp, Hugging Face frameworks) is already optimized for.

That CUDA ecosystem advantage is difficult to overstate. While Apple’s Metal framework has made progress, the overwhelming majority of AI training and inference frameworks are built and tested first against Nvidia’s CUDA stack. A developer running models on the Dev Box can use the same code, the same libraries and the same workflows they would use on a cloud GPU instance — a level of portability that Apple Silicon cannot currently match.

From laptop to supercomputer: Microsoft’s three-tier plan for local AI hardware

The Dev Box is one piece of a three-tier hardware strategy Microsoft laid out at Build. The Surface Laptop Ultra, announced days earlier at Computex, brings the same RTX Spark silicon into a 15-inch laptop form factor for developers and creators who need portability. At the other end of the spectrum, the DGX Station for Windows — built on Nvidia’s GB300 Grace Blackwell Ultra Superchip — targets organizations that need to run frontier models up to one trillion parameters on a deskside system. That machine is expected in the fourth quarter of this year.

The three devices map to a tiered computing model that Microsoft is calling “unmetered intelligence”: small on-device language models (the company’s new Aion 1.0 family) handle lightweight tasks at zero marginal cost; RTX Spark-class hardware runs mid-range models locally for the bulk of development work; and cloud resources are reserved for genuinely frontier-scale problems.

The GitHub Copilot CLI is getting a concrete implementation of this model with a new feature called /fleet, which allows a cloud-based primary agent to build a plan, assess the complexity of each task and route appropriate subtasks to a local model running on the developer’s hardware. The cloud agent handles what requires frontier capability; the local model handles what does not. The result, in theory, is lower cost without lower quality.

The real question is whether hybrid AI can shift from buzzword to business model

Whether Microsoft’s bet pays off depends on questions that will take months to answer. How does the Dev Box actually perform under sustained, real-world workloads? What will it cost? How quickly will the open-source model ecosystem continue to produce capable models in the 70-to-120-billion-parameter range that fit within its memory envelope? And perhaps most critically: will enterprise procurement teams, trained to think of AI as a cloud line item, accept a capital expenditure on desk hardware as an alternative?

The strategic logic, however, is difficult to dismiss. For three years, the AI industry has operated on an implicit assumption: serious AI work happens in the cloud, and the economics of that arrangement are simply the cost of doing business. Microsoft, a company with every incentive to reinforce that assumption, is now selling a machine that undermines it. That is not a contradiction — it is a recognition that the market is moving, and that the company that controls the developer’s local environment and the cloud they deploy to has a more durable advantage than one that controls only the cloud.

Every dollar a developer does not spend on cloud inference is a dollar that can fund another experiment, another iteration, another prototype. For years, the AI industry told developers they needed to rent their intelligence by the token. Microsoft is now asking a different question: what if you could just buy it?

Small AI models just got a surprising boost from a very old game.

MIT researchers used a Battleship-style setup to test whether AI agents can improve how they gather information before making a move. The result was a sharp jump in performance for smaller systems, including one model that went from rarely beating humans to winning most of its games after researchers changed how it searched the board.

That shift goes straight at one of the biggest weaknesses in today’s AI agents. They’re often asked to handle tasks where the answer depends on details they don’t have yet. MIT’s work suggests better question planning can make a cheaper model act far more capable.

How much smarter did it get

MIT’s test used a version of Battleship built around natural-language questions. One AI agent played the role of the teammate trying to locate hidden ships, while another had access to the board and answered.

The biggest jump came from Llama 4 Scout. MIT said the smaller model beat human players in only 8% of games at first. After researchers added a more deliberate inference strategy, it beat humans 82% of the time and outpaced a larger frontier model while operating at about 1% of the cost.

That’s the number to watch if you care about AI costs. The model didn’t win by getting larger, but won by choosing sharper questions and making better use of each answer.

Why does Battleship help AI learn

Battleship works as a test because it forces an AI agent to act with limited information. It can’t see the whole board, so every question has to narrow the search and set up the next move.

That maps neatly onto practical AI tools. A support bot, research assistant, or planning agent often needs to ask follow-ups before it can help. When that process breaks down, the model can miss a key detail, repeat itself, or make a recommendation too early.

The MIT approach puts pressure on that weak spot. It measures whether an agent can gather the right information before producing an answer.

Where could this go next

The harder test is whether the same approach works beyond games. Battleship is controlled, which makes it easier to score than open-ended agent workflows in search, customer support, or workplace software.

Still, the direction is worth watching. If smaller models learn to ask sharper questions before acting, companies could build cheaper AI tools that feel more capable in everyday use.

The next milestone is transfer from the game board to real work. A task with unclear instructions, missing files, and a rushed user will be much harder to solve.

With just two weeks to go, StrictlyVC Los Angeles is quickly approaching. On Thursday, June 18, at The Aerospace Corporation Campus in El Segundo, investors, founders, and tech leaders will gather for an evening of conversation exploring some of the most consequential shifts taking place across venture capital, defense technology, artificial intelligence, and advanced industry. Secure your spot here.

For executives navigating a rapidly changing technology landscape, StrictlyVC offers something increasingly difficult to find: direct access to the people building, funding, and shaping the next generation of companies. The conversations are candid, the audience is highly curated, and the insights extend far beyond what can be found in headlines, podcasts, or social media feeds.

Who’s taking the stage in Los Angeles

The evening begins with Ethan Thornton, founder of Mach Industries. In his session, “Built for a New Era of Defense Technology,” Thornton will share his perspective on building a hard tech company at speed and how advances in autonomy, manufacturing, and national security are transforming the defense sector. His story reflects a broader movement of founders tackling ambitious challenges in industries undergoing rapid change.

The conversation continues with Delian Asparouhov of Founders Fund and Saif Khawaja of Shinkei Systems. Together they will discuss the rise of physical AI and how developments in robotics, automation, and artificial intelligence are creating new opportunities to transform the physical world. Their discussion will offer insight into what it takes to build and scale breakthrough technologies beyond software alone.

Also joining the lineup is Carter Reum, co-founder and partner at M13. In his session, “Finding the Next Big Thing,” Reum will explore how AI is reshaping industries and how investors are moving beyond short-term hype to identify companies built for long-term durability. He will share his perspective on where innovation is creating the most meaningful opportunities and how venture investing is evolving as new categories emerge.

Additional speakers and conversations will be announced soon as the StrictlyVC Los Angeles agenda continues to grow. Stay updated on the latest speaker announcements and event news.

Grab your pass and join the conversation

Beyond the conversations onstage, StrictlyVC Los Angeles is designed to bring together the people driving innovation across technology and venture capital. Throughout the evening, attendees will have opportunities to connect with founders, investors, and operators in an environment that encourages meaningful discussion and the exchange of ideas. Whether you are looking to expand your network, gain new perspectives, or discover emerging opportunities, the value of the event extends well beyond the scheduled sessions. Secure your spot here.

Update

Added new Anime Paradox codes on June 5, 2025.

Anime Paradox is a popular Roblox tower defense game that brings together characters inspired by famous anime series. Players must collect powerful units, strengthen their teams, and defend against increasingly difficult waves of enemies. To help you progress faster, developers occasionally release codes that offer free rewards such as Gems, Trait Rerolls, and other valuable items. Here are the latest working Anime Paradox codes and how to use them.

All New Anime Paradox Codes

• UPDATE3.5!  — Redeem for Rerolls and Chips (NEW)
• FreeTrophies  — Redeem for Rerolls and Chips (NEW)
• NyoHo  — Redeem for Rerolls and Chips (NEW)
• SBR!  — Redeem for Rerolls and Chips (NEW)
• RESTOCK  — Redeem for Rerolls and Chips (NEW)
• SORRYFORBUGS  — Redeem for Rerolls and Chips (NEW)
• Update3Fumble  — Redeem for 150 Rerolls
• FreeStats  — Redeem for 30 Stat Chips, 20 Super Stat Chips
• UPDATE3!  — Redeem for 35 Trait Rerolls, 5000 Dabloons
• FATE!  — Redeem for 25 rr, 3 Rainbow Essence, 5000 Dabloons

Found an expired or missing code? Please let us know, and we’ll update the article as soon as possible.

Expired Anime Paradox Codes

How to Redeem Anime Paradox Codes?

Follow these simple steps to claim your free rewards:

1. Open Anime Paradox in Roblox.
2. Select the Codes button from the menu on the right side of the screen.
3. Enter an active code into the text box.
   
4. Click Redeem to receive your rewards instantly.

How to Get More Anime Paradox Codes

The official Anime Paradox Discord server is the best place to find newly released codes. Developers often post them alongside update notes, event announcements, and community celebrations, giving players a chance to claim free rewards. Another convenient option is to bookmark this page and check back regularly. We keep our code list updated with the latest active rewards, so you can quickly find working codes without searching through multiple channels or announcements.

Why Are My Anime Paradox Codes Not Working?

If your code doesn’t work, the most common reason is a wrong or mistyped character. To avoid this, copy the code exactly as shown on our page. Also, if the game hasn’t updated for you, a quick restart can refresh the server and resolve the issue. Beyond that, it’s possible that a specific code expired between the time of writing this article and when you tried to redeem it. If that’s the case, let us know by filling out the Google form, and we’ll update our list as soon as possible.

That means the chances of the attackers decrypting one of the encrypted vaults they obtained is very small in the event the master password was strong, meaning long, randomly generated, and has high entropy. However, not everyone uses such master passwords. In the event the master password was included in word lists exchanged by password crackers, the chances of success would be higher, although still unlikely.

Broadly speaking, the incident has similarities to the 2022 LastPass breach, which also allowed attackers to obtain encrypted user vaults. Eventually, the attackers managed to obtain decrypted information from some of them. The success was the result of two things.

First, certain fields, such as website URLs, remained unencrypted in vaults. That meant attackers could read them even without the master password. Second, some of the stolen vaults used outdated algorithms that didn’t adequately intensify the process for converting the plain-text password into a hash. Dashlane has said that no user fields in vaults are unencrypted. Further, when algorithms are periodically strengthened to account for advances in cracking abilities, the process occurs automatically, with no interaction required. The algorithm update process for LastPass vaults at the time came with more user friction.

Dashlane’s initial notification left out key details of the attack and led to considerable confusion about the ongoing risk users faced.

Out of an abundance of caution, both master passwords and the contents of any of the recovered Dashlane vaults should be changed immediately to reduce the chance, however unlikely, that the attackers succeed in breaking the master password. Unaffected Dashlane users don’t need to take any such action.

Valve has confirmed that Steam Machine is shipping this summer, giving PC gamers a real launch window for its SteamOS living room PC. The missing piece is still price, and that’s the detail many buyers need before they can decide whether it fits their setup.

The update came as Valve expanded its Verified program to cover Steam Machine and Steam Frame. For Steam Machine, games will be checked for default controller support, default graphics settings, and how well they run without manual setup. Valve says the hardware is roughly six times as powerful as Steam Deck, while still using SteamOS, the Steam interface, and Proton.

How your library will look

Steam Machine Verified should look familiar if you’ve used Steam Deck. The requirements are nearly identical, so you’ll get a clearer read on whether a game is ready for the TV before you spend time changing controls or graphics settings.

Valve already has a large foundation for that work. Tens of thousands of titles have gone through Steam Deck verification, and Valve is testing Steam Machine support for games that missed Deck performance targets because of CPU or GPU limits. On stronger hardware, some of those games could meet the new bar without developers changing anything.

Why the price gap lingers

The summer timing makes Steam Machine more concrete, but the missing price keeps the comparison unfinished. Buyers still don’t know whether Valve’s living room PC will sit closer to a Steam Deck, a gaming laptop, or a compact Windows gaming PC.

That comparison goes beyond raw performance. Valve has to show that a TV-connected SteamOS PC can make PC gaming easier in the living room than the options people can already buy. Verified labels should reduce setup uncertainty, but price will decide whether that convenience looks worth paying for.

When buyers get the rest

Valve has also added Steam Machine and Steam Frame tabs to the Partner Dashboard, where some games already have Verified results for the new devices. That gives developers more guidance before launch, but it isn’t the full consumer reveal yet.

For now, you shouldn’t make room for Steam Machine in your budget until Valve shares the remaining hardware details. Price is the big one, but final availability timing and configuration options will also shape whether it’s a smart upgrade or a wait-and-see PC gaming box.

For the past two years, the technology industry has raced to make AI agents more capable — teaching them to write code, navigate software interfaces, manage files, and orchestrate multi-step workflows with increasing autonomy. What the industry has not done, at least not with any consistency, is answer the question that keeps chief information security officers awake at night: what happens when an agent goes wrong?

On Tuesday at its annual Build developer conference, Microsoft offered what may become the definitive answer. The company introduced Microsoft Execution Containers, or MXC — a policy-driven execution layer, built into the Windows operating system itself, that lets developers and IT administrators declare exactly what an AI agent can and cannot access, with those boundaries enforced at runtime by the OS kernel.

The announcement, buried within a sweeping set of developer-focused updates, is arguably the most consequential platform move Microsoft made at Build this year, and it has the potential to reshape how every enterprise on Earth thinks about deploying autonomous AI software.

MXC is not a product you buy. It is an SDK and a policy model — a foundational primitive embedded in Windows and the Windows Subsystem for Linux — that provides what Microsoft calls a “composable sandbox spectrum.” That spectrum ranges from lightweight process isolation, already adopted by GitHub Copilot’s command-line interface, all the way up to micro-virtual machines, Linux containers, and full cloud instances running on Windows 365.

The system separates an agent’s execution from the user’s desktop, clipboard, user interface, and input devices. Critically, it binds every agent to a strong identity — either a local ID or a cloud-provisioned identity backed by Microsoft Entra — so that every action the agent takes can be attributed, audited, and governed.

The implications are enormous. Until now, the enterprise deployment of AI agents has been stuck in a paradox: the more autonomous and useful an agent becomes, the more dangerous it is to let it operate on a corporate network without guardrails. MXC is Microsoft’s attempt to break that paradox — not by making agents less capable, but by making the environment they operate in fundamentally more controlled.

Why every autonomous AI agent is a security incident waiting to happen

To understand why MXC matters, consider what an AI agent actually does when it runs on your computer. Unlike a traditional application, which operates within well-understood boundaries — a word processor reads and writes documents, a browser fetches web pages — an AI agent is, by design, unpredictable. It receives a goal in natural language, reasons about how to achieve it, and then takes actions: opening files, executing code, calling APIs, browsing the web, interacting with other software. Each of those interactions creates what security professionals call “attack surface.”

Microsoft’s own blog post framed the challenge in stark terms. The company wrote that “as agents become more capable and autonomous, they’re delivering material productivity gains. But they’re also introducing new risk, and the issue isn’t just the agent. It’s the entire system the agent operates across.” Every interaction between agents and humans, tools, applications, models, and other agents “exposes new attack surface and introduces different failure modes.” Microsoft characterized this as “a multi-layer systems problem.”

This is not a theoretical concern. In the months leading up to Build, security researchers demonstrated numerous ways that AI agents could be manipulated — through prompt injection, through malicious tool calls, through data exfiltration disguised as normal workflow. For enterprises that handle sensitive data, proprietary models, and regulated information, the absence of a trusted execution environment has been the single biggest barrier to moving agents from demo to deployment.

Microsoft’s answer is a sandbox that scales from a single process to a full virtual machine

MXC operates on a deceptively simple principle: declare what the agent can do before it runs, and let the operating system enforce those declarations at runtime. A developer or an IT administrator writes a policy that specifies which files, directories, and network resources an agent is allowed to access. MXC then creates a contained execution environment — a sandbox — that enforces those boundaries regardless of what the agent attempts to do.

What makes MXC unusual, and potentially very powerful, is the breadth of its isolation options. Microsoft designed the system so that a single SDK and policy model can map to the appropriate isolation construct for any given workload. For a lightweight coding assistant that just needs to read the current project directory, fast process isolation may be sufficient. For an autonomous agent that executes arbitrary code downloaded from the internet, a full micro-VM may be required. The system is designed to be “dynamically composable based on intent and risk,” meaning that the level of isolation can be adjusted based on what the agent is actually doing, not just what category it falls into.

Session isolation is a particularly important feature. MXC separates the agent’s execution from the user’s desktop, clipboard, UI, and input devices. This directly mitigates several classes of attacks that security researchers have identified as particularly dangerous for AI agents: UI spoofing, where an agent manipulates what the user sees to trick them into approving a malicious action; input injection, where an agent sends keystrokes or mouse clicks to other applications; and cross-session data leakage, where information from one user’s session bleeds into another.

A live demo showed an AI agent trying to delete files — and failing, because the OS wouldn’t let it

During a pre-briefing with VentureBeat the night before the announcement, a Microsoft developer offered a vivid demonstration of the technology in action. He had set up the open-source agent framework OpenClaw running inside MXC’s sandbox on his personal development machine. He then instructed the agent to delete all the files on his desktop. The agent attempted to comply — but the sandbox prevented it. “If you look at my desktop here, you see how clean my desktop is,” the developer said during the demo. “That’s a lie.” The files, he explained, were completely safe because “the container won’t allow it.”

The demonstration went further, showcasing the granularity of MXC’s controls. Users can mark specific files as read-only for the agent, restrict access to the browser and screen capture, control whether the agent can see location data, and have all of those permissions managed centrally by an enterprise IT department through Intune policies. The agent operates inside what is effectively a one-way mirror: it can do the work it has been asked to do, but it cannot see or touch anything outside the boundaries that its policy defines.

Pavan Davuluri, Microsoft’s Executive Vice President for Windows and Devices, underscored during the pre-briefing that the primitives MXC introduces — security, containment, isolation, and user control — are essential to making AI agents commercially viable.

He emphasized that these capabilities are “not unique to OpenClaw” and that “this pattern repeats itself over and over” for any agent running on a Windows device. The primitives that exist in the operating system now “for the file around security, containment, isolating them, having users in control,” he said, are what will make agents safe enough for ordinary consumers and corporate deployments alike.

Defender, Entra, Intune, and Purview integration arriving in July turns MXC into an enterprise control plane

For corporate IT departments, the most significant element of the MXC announcement is not the SDK itself but its integration with Microsoft’s existing enterprise security stack through what the company calls Agent 365. Arriving in preview in July, Agent 365 layers Microsoft’s Entra identity service and Intune device management platform on top of MXC, so that IT administrators can govern agent containment centrally while developers choose the level of isolation their workload demands.

The integration goes further: Microsoft Defender will provide runtime threat protection, Entra will handle identity and access management, Intune will enforce device-level policies, and Microsoft Purview will extend its data governance and compliance capabilities to agent activity. This means that an enterprise could, in theory, allow employees to run AI agents on their corporate machines — even powerful, autonomous agents that execute code and manage files — while maintaining the same kind of centralized visibility and control that IT departments currently have over traditional applications.

Microsoft described the identity layer in its official blog: “Windows assigns agents a local ID or a cloud provisioned identity backed by Entra and attributes all activity from the container to that identity, so you can clearly differentiate human from agent.” For regulated industries — financial services, healthcare, government — the ability to produce an audit trail that distinguishes between human actions and agent actions on the same machine could prove to be a regulatory requirement, not merely a nice-to-have feature. Every agent action attributable to a specific identity, every containment boundary enforceable through the same policy infrastructure that already governs hundreds of millions of Windows devices — this is the architecture that could finally move AI agents from pilot programs to production.

OpenAI, Nvidia, Manus, and Nous Research are already building on MXC — and that changes the calculus

Platform announcements at developer conferences are often aspirational. What distinguishes the MXC launch is the breadth and specificity of the partners already building on it. Microsoft named five: OpenAI, Nvidia, Manus, Nous Research (maker of the Hermes agent), and the OpenClaw open-source project. Each is integrating MXC in a distinct way that illuminates a different use case for the technology.

OpenAI’s involvement is particularly striking. David Wiesen, a member of OpenAI’s technical staff, said that “working with Microsoft on the Microsoft Execution Containers (MXC) allows us to explore new patterns for AI agents to safely and efficiently generate and execute code.” He added that by combining Codex’s capabilities with MXC’s execution environment, the goal is “to help developers move from intent to reliable execution faster, while maintaining the security and control enterprises need.” The reference to Codex — OpenAI’s code-generation agent — suggests that MXC could become the default execution environment for one of the most widely anticipated agent products in the industry.

Nvidia is bringing its OpenShell framework to Windows built on MXC, providing what Microsoft described as “an easy-to-deploy package for autonomous, always-on agents safely.” Manus, the Chinese-born AI agent startup that gained viral attention earlier this year, is also integrating. Tao Zhang, Manus’s Chief Product Officer, said that MXC “gives developers a policy-driven way to define what an agent can access and enforce those boundaries at runtime, so more autonomous agents can operate safely in enterprise environments.” And Dillon Rolnick, the CEO of Nous Research, offered what may be the most concise articulation of why MXC matters: “Continuously-running local agents, like Hermes Agent, require intentional isolation. Developers need control over what an agent can access and trust that those controls will hold.”

How an open-source agent framework became Microsoft’s proving ground for AI safety on Windows

One of the more revealing stories behind the MXC announcement involves OpenClaw. During the press pre-briefing, a Microsoft developer described how the partnership came together organically — Peter Steinberger, OpenClaw’s creator, sent him a direct message in January expressing interest in collaborating. What began as a casual conversation evolved into a full-fledged platform partnership, with Microsoft developers contributing to the OpenClaw Windows companion app, built as a native WinUI application rather than a wrapped web app.

The OpenClaw integration serves as what Scott called “the ultimate test app for all the stuff that [the Windows platform team] is making.” If OpenClaw — which by its nature gives agents broad autonomy to execute tasks on a user’s machine — can run securely within MXC’s containment boundaries, then the containment system is robust enough for any agent. Scott explained the philosophy driving the work: “Think of OpenClaw Windows as the ultimate test app… If OpenClaw can succeed on Windows, that means that the Linux support is there, the container support is there, the containment is there.”

The companion app demonstrates the full spectrum of MXC’s enterprise controls — file permissions, network access, screen capture restrictions, location data — all manageable centrally through Intune policies. Microsoft donated the project to OpenClaw and plans to continue contributing to it as open source. As one member of the Windows leadership team put it during the briefing: “All agents, all comers, everyone is welcome on Windows… It’s going to run great on Windows, because the primitives are there. The base of the pyramid is solid.”

Building containment into the OS gives Microsoft a strategic edge over Apple’s walled garden and Google’s cloud-first model

MXC arrives at a moment when the technology industry is grappling with a fundamental tension. AI agents represent what may be the most significant new category of software since mobile applications, and every major technology company is racing to build them. But the security and governance infrastructure required to deploy these agents responsibly in enterprise environments barely exists. Microsoft’s approach is distinctive because it locates the trust layer at the operating system level rather than in the agent framework, the model provider, or a third-party security product.

This is a deliberate architectural choice. By building containment into Windows itself, Microsoft ensures that the security guarantees hold regardless of which agent, which model, or which framework a developer chooses.

It also means that the hundreds of millions of Windows devices already managed through Intune and secured through Defender can, in principle, become agent-ready through a software update rather than a rip-and-replace deployment.

Apple’s approach to AI agents leans heavily on its walled-garden ecosystem, offering security through restriction — limiting which agents can run and what they can do. Google’s approach, centered on its cloud infrastructure, offers security through centralization. Microsoft’s approach offers security through declaration and enforcement — allowing any agent to run, but containing its impact through OS-level policy.

For enterprises that operate in heterogeneous environments with diverse toolchains and multiple AI providers, the Microsoft model may prove the most practical. The competitive dynamics are already shifting: with OpenAI’s Codex, Nvidia’s OpenShell, and independent agent frameworks like Manus and Hermes all building on MXC, Microsoft is positioning Windows not just as the platform where agents run, but as the platform where agents can be trusted to run.

The hardest part isn’t building the sandbox — it’s writing the policies that go inside it

MXC is available now in early preview, meaning developers can begin building against the SDK and testing containment policies. The Agent 365 integration with Defender, Entra, Intune, and Purview is scheduled for preview in July — a timeline aggressive enough to suggest that much of the engineering work is already done, but far enough out to allow for refinement based on developer feedback.

The real test, however, will come when enterprises begin deploying agents at scale on production networks. Containment is only as good as the policies that govern it, and writing effective agent policies for complex enterprise environments will be an entirely new discipline — one that IT departments have not yet developed and that no vendor has yet figured out how to teach. The technology is promising, but an empty sandbox is just an empty box. Filling it with the right rules, for the right agents, in the right contexts, will require a level of organizational sophistication that most companies are only beginning to contemplate.

Still, the significance of what Microsoft announced on Tuesday is difficult to overstate. For the first time, a major operating system vendor has proposed a comprehensive, kernel-level answer to the question of how autonomous AI software should be contained, identified, and governed on the devices where most of the world’s work actually gets done. The industry spent two years teaching agents to act. Microsoft is now betting that the bigger business — and the harder engineering problem — is teaching the operating system to watch.

Apple is all set to host its yearly Worldwide Developer Conference next week, where it is expected to announce the long-awaited Siri update. As excited as I am for the smart assistant to finally work like it was supposed to all these years, the iOS 27 sneak peek could potentially confirm Apple’s next big launch: the foldable iPhone Ultra.

I say this because iPhones have trailed behind their Android counterparts in true multitasking capabilities. Sure, they have a Dynamic Island that pops up crucial information with a press-and-hold without leaving the current app. But it isn’t the same as running multiple apps side-by-side simultaneously or one app on top of another. Such use cases are crucial for big-screen foldable phones – or even big slab phones for that matter. This iOS limitation is one of the reasons I believe the 6.9-inch screen estate on Pro Max models isn’t utilized to its full potential. But this might change at next week’s WWDC.

According to a Bloomberg report, Apple’s foldable iPhone will feature an “iPad-like interface when opened.” It could support running two apps side-by-side and add sidebars to many apps. We’ve never had an iPhone running multiple apps on the screen simultaneously, and if  Apple demos such an instance at WWDC 26, it’ll likely point towards the launch of an iPhone with a larger screen – hopefully, one that folds.

However, iOS 27 needs more than just an iPad-like multitasking UI to take advantage of its bigger canvas. After using most of the foldable phones launched in the last five years, I have a few notes for Apple to maximize the big screen potential.

Multitasking with intuitive window management

The Oppo Find N6 is my favorite foldable phone. It has an anti-reflective screen for better outdoor legibility, big battery all-day endurance and above all, a software experience that makes it a multitasking powerhouse. It is much more than having a simple split-screen at your disposal. That’s not to say I don’t use split-screen multitasking but running two apps side-by-side isn’t ideal when you have to type in one app (like Google Docs). Once the keyboard pops up, you get less space to type.

Oppo (and OnePlus) solved this issue in 2023, when you could run two apps side-by-side and a third one in full-screen at the bottom. It lets me reference search material from a webpage on the left half of the screen and have a PDF running on the other half, while also running Google Docs at the bottom to type my story on the go.

The latest Oppo Find N6 takes it to the next level with its Free-Flow Window feature, which lets you run up to four apps simultaneously in resizeable windows. Is four apps too much? Yes. But is it logical? Also yes. I thought it was overkill till I was at the airport and had to urgently submit my invoices. I opened Google Sheets (to create the invoice), Calculator (to calculate my month’s income for taxes), Keep (to take tax notes), and Chrome (to cross-check my published work.

I could do all of this on a slab phone by constantly flipping between each app. However, having the ability to run all of these apps without exiting another and resize them to your liking truly helps save time and effort. I’ve also used this feature to take notes while attending meetings and referencing shared PDFs simultaneously.

I’d love to have this feature on the iPhone Fold with an iPad-like taskbar at the bottom. It could make the iPhone Ultra like an iPad Mini when unfolded but one that fits inside my pocket.

More iOS tweaks for intuitive use

The iOS 27 redesign could touch Siri, Search, Camera, Safari, Weather, Image Playground and more. For the sake of iPhone Fold’s big screen, I hope it also adds two things to the system user interface.

First, I’d love to get a Samsung Galaxy Z Fold 7-like sidebar. It might not sound very useful in theory but every foldable phone has this feature now, and it is for a good reason. When AI Select was first rolled out on a Samsung phone, it was only possible to access it through the sidebar. This Galaxy AI feature allowed me to highlight a portion of my current screen and suggest contextual actions.

For instance, I used it to add Calendar events from my emails. I could open an email invite, swipe the sidebar to access AI Select and highlight the event information to automatically have the date, time and address on my Calendar app. Unless you have Gemini enabled on your Gmail account, you’d need to manually add these details to create a Calendar event.

I also use the sidebar to access the Files app and other apps for pop-up (like Calculator), which I don’t have on my taskbar. While the Bloomberg report said a sidebar could make its way to certain apps, I’d love to have system-wide accessibility so I can use it on top of my on-screen content, no matter what app I’m currently using.

Second, I want more smartphone manufacturers to borrow Honor’s extended folders. It helps keep apps within one-tap access, while also letting me group them. It is the best of both worlds – having a folder as well as a single app icon on the screen.

This feature was adopted by more Android skins last year but most of them are limited to three apps. Honor allows me to add up to five apps in a vertical or horizontal extended folder, which groups my favorite apps without needing me to tap on a folder to access them. It is a neat feature that I’ve missed immensely since I shifted back to my iPhone 17 Pro Max. The best I can do on an iPhone right now is move apps closer to each other, or use Smart Stack to group a few widgets together.

These iOS 27 additions would make the upcoming Apple foldable easier to use and help maximize its big screen utility. I hope we can get our first look at some of them next week at WWDC 26, alongside the other more exciting iOS 27 features. Either way, it is going to be a packed week for Apple software!

Airbnb CEO Brian Chesky has had enough of merely being an artificial intelligence kingmaker. He now plans to back a new AI lab of his own. The news, broken by Bloomberg and confirmed to TechCrunch by a person familiar with the situation, marks Chesky as one of many Silicon Valley machers who are unsatisfied with the models coming out of the frontier labs.

While Airbnb has adopted AI coding tools, Chesky said last year it hasn’t struck an LLM partnership because existing products weren’t quite ready.

Still, Chesky has plenty of insight. He met Sam Altman in 2006 through Y Combinator, which incubated Airbnb, and stayed in touch. When OpenAI took off, he began meeting regularly with Altman to offer advice about managing a hypergrowth tech company.

Chesky, who was reportedly considered a potential OpenAI board member, helped broker Altman’s return to power after its board of directors fired the CEO for lack of candor. Chesky advised Altman on public relations and rallied support for him among Silicon Valley bigwigs.

Now, however, he appears to be entering competition with his mentee’s company.

It’s not clear what the focus of Chesky’s new AI lab will be, although the Bloomberg article mentions user interaction and design, areas that he has emphasized at Airbnb.

That’s not unlike what Brett Adcock is doing at Hark, the AI lab he launched late last year to develop a novel user interface for an AI assistant, although the startup is also emphasizing hardware products.

Chesky also won’t be going into “founder mode” at this operation; a person familiar with the situation says he will remain as Airbnb’s CEO and not lead the new lab himself. Whoever gets the job will have to contend not only with the other AI labs, but also with a founding chair (we presume) known as a micromanager.

A representative for Airbnb and Chesky declined to comment.