Scale & Strategy
together with
This is Scale & Strategy, the newsletter that hits harder than a surprise WiFi signal on a long flight.
Here’s what we got for you today:
- Microsoft wants to own the operating system for AI agents
- Trump backs away from mandatory AI reviews
Microsoft wants to own the operating system for AI agents
The AI industry has largely moved on from debating whether agents matter.
The debate now is who will control the infrastructure they run on.
At Build 2026, Microsoft made its answer pretty clear: everything.
The company rolled out a flood of announcements spanning agents, models, enterprise knowledge systems, web search, security frameworks, compliance tooling, and AI infrastructure. Viewed individually, most of these launches are incremental. Viewed together, they're an attempt to build a complete enterprise agent stack.
The centerpiece was Microsoft's push into what CEO Satya Nadella calls "autopilots."
These are persistent enterprise agents designed to operate over long time horizons with memory, context, connectors, personalities, and access to organizational systems. Think less chatbot and more digital employee.
The first example is Microsoft Scout, a personal agent built on OpenClaw that can proactively handle scheduling, meeting preparation, coordination, and routine workflows. Nadella said Scout is only the beginning, with Microsoft planning to expand the concept into entire teams of autonomous agents working together inside organizations.
That's a much bigger ambition than building a better assistant.
Microsoft is effectively trying to create a workforce layer that sits alongside human employees.
Beyond Scout, the company pushed deeper into agent infrastructure.
Microsoft IQ, its enterprise knowledge and intelligence platform for agents, is now generally available. WebIQ gives agents access to real-time web information, helping solve one of the biggest weaknesses in enterprise deployments: stale knowledge.
The model side of the announcement was equally aggressive.
Microsoft unveiled MAI-Thinking-1, its first dedicated reasoning model. At 35 billion parameters and a 128K context window, the focus appears less about beating frontier benchmarks and more about lowering inference costs.
That matters because agents consume tokens aggressively. A single employee chatting with AI occasionally is one thing. Thousands of agents continuously performing tasks across an enterprise is an entirely different cost equation.
Microsoft also launched:
- MAI-Image-2.5 for image generation
- MAI-Transcribe-1.5 and MAI-Voice-2 for speech workloads
- MAI-Code-1, an efficiency-focused coding model tuned for GitHub environments
The pattern is obvious. Microsoft wants more control over its own AI stack instead of relying entirely on external model providers.
The most interesting announcements may have been on the security side.
As agents gain access to internal systems, files, communications, databases, and workflows, the attack surface expands dramatically. A compromised agent can potentially touch far more systems than a compromised chatbot.
Microsoft introduced ASSERT, an open-source framework for automated AI safety testing. It also launched Agent Control Specification, an open standard for governing agent permissions and behavior, alongside MDASH, an autonomous vulnerability-hunting system.
The company also unveiled Frontier Tuning, which allows reinforcement learning to happen within enterprise policy boundaries so agents can adapt to organizations without violating compliance requirements.
That's the kind of infrastructure that sounds boring right up until an autonomous agent accidentally gains access to something it shouldn't.
The broader takeaway from Build isn't that Microsoft suddenly leapfrogged OpenAI, Anthropic, or Google in model capabilities.
That's not the game they're playing.
Microsoft's advantage comes from distribution and enterprise trust. More than 1.5 billion people already use Office products. Countless enterprises already rely on Microsoft for identity management, security, compliance, cloud infrastructure, productivity software, and internal workflows.
When agents become a standard part of enterprise operations, those existing relationships matter.
Security matters too.
Most companies are excited about agents right up until they imagine autonomous systems interacting with customer records, financial data, internal communications, and production environments. Suddenly the conversation shifts from capability to governance.
That's where Microsoft may have a genuine opening.
The company isn't trying to win every model benchmark. It's trying to become the platform where enterprises feel comfortable deploying agents at scale. And in enterprise software, comfort and trust have a funny habit of turning into massive businesses.
Vanta uses AI and automation to get you compliant fast, simplify your audit process, and unblock deals — so you can prove to customers that you take security seriously.
Make Vanta your compliance co-pilot and:
- Get SOC 2 ready without pulling engineers off product
- Automate evidence collection and streamline audit processes
- Unblock enterprise deals with security credibility that sales
- Access expert support at every stage, from startup to scale-up
Get compliant fast with Vanta – trusted by top startups like Cursor, Linear, and Replit.
Trump backs away from mandatory AI reviews
The White House wanted a longer leash on frontier AI models.
The AI industry pushed back.
The industry appears to have won this round.
President Donald Trump signed a new executive order asking AI companies to voluntarily submit certain frontier models for a government security review before release. The final version is significantly lighter than earlier proposals, which reportedly included a mandatory 90-day review period.
Instead, labs are being asked to provide models identified through a classified process as potentially capable of discovering software vulnerabilities or enabling advanced cyberattacks. The review period has been cut to 30 days, and participation remains voluntary.
That's a meaningful shift.
A 90-day review would have been viewed by many labs as a de facto product delay mechanism in an industry where capabilities can change dramatically in a matter of months. Thirty days is still notable, but far less disruptive to companies racing to ship increasingly powerful systems.
According to reports, former AI adviser David Sacks opposed the original proposal and became more supportive after the review window was shortened.
The order also explicitly rejects mandatory licensing requirements or permit systems for new AI models, a position that many frontier labs and investors have been advocating for over the past year.
At the same time, it directs the Department of Justice to focus on AI-enabled cybercrime and offensive hacking activity, signaling where the administration sees the most immediate risk.
That's probably the most important part of the entire order.
The policy debate around advanced AI is increasingly converging on cybersecurity. As models become better at coding, reasoning, and vulnerability discovery, concerns about offensive cyber capabilities become harder to dismiss as hypothetical.
The challenge is that governments are trying to regulate a moving target.
By the time policymakers agree on a framework, the underlying technology often looks completely different from what they started regulating. That's part of why broad licensing schemes and heavy pre-approval processes continue to struggle politically. Nobody wants to be responsible for slowing domestic AI development while competitors continue advancing.
That dynamic is especially pronounced in the U.S.-China competition, which reportedly played a major role in the White House softening the original proposal.
The administration appears to have landed on a compromise position: maintain visibility into frontier development without creating a regulatory process that companies view as a brake on innovation.
Whether that balance holds is another question.
Voluntary reviews only work if companies participate. And companies tend to participate when the incentives align.
For now, this executive order feels less like a regulatory crackdown and more like an attempt to secure a front-row seat to the next generation of frontier models. Washington wants earlier visibility into what the labs are building, particularly around cybersecurity capabilities, without triggering a fight over permits, licensing, or pre-approval requirements.
That's a much lighter touch than many expected.
It also reflects a reality that's becoming increasingly obvious: governments want more insight into frontier AI development, but very few want to be seen as the administration that slowed the race.
Was this email forwarded to you?
That’s it for today and as always It would mean the world to us if you help us grow and share this newsletter with other operators.
Our mission is to help as many business operators as possible, and we would love for you to help us with that mission!
