What happened
At Microsoft Build 2026 on June 2, Microsoft announced Microsoft Execution Containers (MXC), a policy-driven execution layer built into the Windows OS kernel and Windows Subsystem for Linux that enforces declarative access-control boundaries for AI agents at runtime. MXC provides a composable sandbox spectrum—from lightweight process isolation to full micro-VMs—and binds every agent to a strong identity (local or Entra-backed) so every action is attributable and auditable. OpenAI, Nvidia (via OpenShell), Nous Research, Manus, and OpenClaw are launch partners.
Why it matters
Until now, AI agents running on enterprise endpoints operated under the user's full identity and permissions with no OS-enforced containment. MXC is the first major platform to embed kernel-level agent sandboxing as a primitive, meaning enterprises can mandate containment policies before agents access filesystems, networks, or applications—directly addressing the prompt-injection-to-privilege-escalation attack chain. With OpenAI and Nvidia already shipping on MXC, this will rapidly become the enterprise baseline for agent deployment on Windows.
Applicability
Any organisation deploying AI coding agents, autonomous workflow agents, or local LLM agents on Windows should evaluate MXC policies immediately. IT and security teams should pilot MXC sandbox profiles for GitHub Copilot CLI and OpenClaw deployments; vendors building on Windows should consider requiring MXC as a deployment prerequisite for enterprise customers.