19-05-2025
At Build, Microsoft Makes It Clear That Autonomous AI Is Here to Stay. Should You Be Worried?
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.
Truly independent (and potentially sinister) have long been a societal fear, dating back to sci-fi radio shows in the 1950s. And, now more than ever, it's scary to think about what autonomous AI can do with a seemingly limitless supply of data.
Thankfully, the AI agents Microsoft introduced at its 2025 Build developer conference seem to have an amicable goal: To help you streamline your business and developer processes. The press materials for Build include 296 mentions of the word agent, beating Copilot's 154 mentions, so you know it's the main theme this year.
Below are some of the key new agent technologies Microsoft is unveiling:
An Agent2Agent (A2A) Protocol that enables communication between agents
Agentic Memory for Teams, so it can recall previous interactions
An Agentic retrieval engine in Azure AI Search (currently in preview) that takes advantage of conversational history
An Agent Store, with prebuilt agents from Microsoft and partners
An Azure AI Foundry Agent Service that lets developers build AI agents for business processes, such as coordinating healthcare
Azure AI Foundry Local, which enables developers to run agents on local macOS and Windows hardware
A Computer Using Agent that lets agents control desktop and web apps in a virtual machine
Entra Agent ID for authenticating AI agents (or coworkers, as Microsoft calls them) à la the human-concerned Active Directory
A Microsoft 365 Agents SDK for building agents in Office apps
A Microsoft 365 Copilot app for human-agent collaboration
The Entra identity for agents is key to Microsoft's strategy. "Agentic AI is gaining momentum for its ability to combine large language models with reasoning to deliver real outcomes," said IDC's group vice president of security and trust, Frank Dickson. "As we scale autonomous capabilities, identity becomes critical—robust authentication, access provisioning, fine-grained authorization, and governance are essential."
Microsoft is also announcing tools to help with creating agents. Copilot Tuning, for example, lets you train AI models on your business's internal data and impose restrictions on its use and permissions.
Support for a couple of existing public protocols will help the widespread adoption of agents, too. The first is Model Context Protocol (MCP), which allows agents access to data and services and supports public or private repositories of the agents. The second is NLWeb, which Microsoft bills as the HTML of the agentic web. According to Microsoft's press materials, 'NLWeb makes it easy for websites to provide a conversational interface for their users with only a few lines of code, the model of their choice and their own data, allowing users to interact directly with web content in a rich, semantic manner.'
Microsoft is leaning hard into AI agents, and these technologies indeed seem capable of making the web and Windows more powerful. But what about the nightmare scenario of uncontrolled and malicious AI? After all, rogue AI agents can do a lot of damage with access to all the sensitive data associated with the above products and services.
In a related , Microsoft CVP David Weston acknowledges risks of attacks from a exposing sensitive functionality, prompt injection, , unwanted remote access, and others. Weston says, 'The goal for Windows 11 as an agentic OS is to provide the strongest fundamental security capabilities while also evolving and adapting to emerging threats.' Microsoft has itemized security principles for AI on Windows, too. It requires developers to employ the principle of least privilege and code isolation, meet a baseline set of security requirements, and put the user in control for sensitive operations.
Windows 11 will include technology controls to enforce those principles, including routing agentic interactions through a secure proxy for mediation, a requirement for top-level user authorization to access tools, a central server registry of trustworthy AI agent sources, and runtime isolation to limit the 'blast radius' should an attack occur.
Will it be enough? Probably, in most cases. But I expect to see some security bumps in the road to agentic AI in Windows and elsewhere. It's reassuring that Microsoft seems to be taking the issue seriously, at least. Weston states, 'Security is not a one-time feature—it's a continuous commitment.' Let's hope the commitment is strong enough to avoid major catastrophes for your computer and beyond.
