AI News | Field Notes by Michael Nemtsev

Microsoft's own AI models | AI Field Notes #42


Microsoft launched seven proprietary AI models at Build 2026, including a coding model now live in Copilot and VS Code, marking its first move away from distributing OpenAI exclusively. Cognition simultaneously rebranded Windsurf as Devin Desktop with the Agent Client Protocol, an open standard letting any compatible agent run inside the IDE, while GitHub made its Copilot SDK generally available for developers to embed Copilot's agentic runtime in their own tools. A symlink-hijack vulnerability disclosed May 26 affects six major coding CLIs simultaneously, including Claude Code, Cursor, and Codex. Anthropic filed a confidential IPO application after closing a $65 billion round at a $965 billion valuation.

Microsoft MAI models: seven proprietary AIs to loosen the OpenAI grip

Analysis: Seven new models under the MAI brand landed at Microsoft Build on June 2, the first batch Microsoft fully owns. The two that matter most for developers are MAI-Code-1, a coding model now live in Copilot and VS Code tuned for GitHub workflows, and MAI-Thinking-1, a reasoning model in private preview on Foundry. The rest cover image generation, transcription in 43 languages, and voice in 15 new languages. All are available outside Azure via Fireworks AI, Baseten, and OpenRouter. Microsoft has been OpenAI's primary distribution channel for five years; MAI is its first in-house bet.

AI Agents · Cognition

Windsurf becomes Devin Desktop: Cognition bets on an open agent protocol over a branded IDE

Analysis: Cognition retired the Windsurf name on June 2 and relaunched the product as Devin Desktop, built around the Agent Client Protocol (ACP), an open standard that lets any compatible coding agent run inside the IDE alongside Devin. The new default interface is the Agent Command Center, a Kanban view of active agents, pull requests, and shared context across sessions called Spaces. Devin Local, the built-in local agent, was rewritten in Rust from Cascade. At launch it supports Codex, Claude Agent, and OpenCode as external ACP agents. The ACP play mirrors what LSP (Language Server Protocol) did for language tooling in 2016: agree on the wire format, let the best tool win on each task.

LLM Evals · Adversa AI

SymJack: a single malicious repo commit can compromise six AI coding agents at once

Analysis: A symlink-hijack attack disclosed by Adversa AI on May 26 breaks six major AI coding CLIs simultaneously: Claude Code, Gemini CLI, Cursor's agent CLI, GitHub Copilot CLI, Grok Build, and OpenAI Codex CLI. A malicious repository commits a symlinked file that resolves to the agent's config directory, so approving what looks like a routine file copy writes through the symlink, overwrites the agent's config, and runs attacker code on restart. On CI runners with auto-trust enabled, one malicious pull request can drain SSH keys, cloud tokens, and browser sessions from the runner. Claude Code shipped a partial fix in v2.1.129; the other five had no patches at disclosure.
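A defensive check for the pattern described above, as an added example that is not code from Adversa AI or any of the affected vendors: it walks a checkout and reports every symlink whose resolved target lies outside the repository root, which is the property the attack depends on. The function names, the `.agent-config` directory and the demo tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(repo_root):
    """Return (link, resolved_target) pairs for symlinks that leave repo_root."""
    root = Path(repo_root).resolve()
    findings = []
    # followlinks=False: never descend through a symlinked directory.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        if ".git" in dirnames:
            dirnames.remove(".git")  # skip VCS metadata
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            # strict=False also resolves dangling links, which matter here
            # because a write through one creates the target file.
            target = path.resolve(strict=False)
            if target != root and root not in target.parents:
                findings.append((str(path.relative_to(root)), str(target)))
    return sorted(findings)


def build_demo_tree(base):
    """Constructed sample: a repo with one internal and one escaping symlink."""
    base = Path(base)
    repo = base / "repo"
    outside = base / "home" / ".agent-config"  # hypothetical config directory
    (repo / "docs").mkdir(parents=True)
    outside.mkdir(parents=True)
    (repo / "README.md").write_text("demo\n")
    (outside / "settings.json").write_text("{}\n")
    # Benign: relative link that stays inside the repository.
    os.symlink("../README.md", repo / "docs" / "readme-link")
    # Suspicious: looks like a project file, resolves outside the checkout.
    os.symlink(outside / "settings.json", repo / "docs" / "template.json")
    return repo


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target in find_escaping_symlinks(build_demo_tree(tmp)):
            print(f"symlink leaves repo: {link} -> {target}")
```

On a CI runner, a check like this belongs before any agent is started on an untrusted checkout, with a non-empty result failing the job.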

Microsoft Project Solara: an agent-first OS on Android hardware, not Windows

Analysis: The most unexpected Build announcement was Project Solara, a software platform for agent-native hardware that Microsoft is building on AOSP (Android Open Source Project) rather than Windows. The OS it produces, called MDEP (Microsoft Device Ecosystem Platform), runs agents consistently across Windows, Linux, macOS, mobile, and web from one platform layer. Two concept devices were shown at Build: a smart badge and a smart display, reference designs for enterprise partners rather than finished consumer products. A developer kit built around the Microsoft 365 Agents SDK enters public preview via Azure and GitHub later this year, and the choice to bypass Windows for agent hardware signals where Microsoft expects the edge form factor to actually land.

AI Industry · White House

Trump signs AI executive order: 30-day voluntary model review, no mandatory permits

Analysis: Two new structures, both voluntary: the executive order President Trump signed on June 2 sets up a 30-day window during which AI developers are asked to submit frontier models for government review before public release, and directs Treasury to stand up an AI cybersecurity clearinghouse within 30 days to share threat intelligence between government and AI-critical infrastructure operators. The order explicitly bars mandatory licensing or permitting, keeping the administration's hands-off posture intact. The review window was 90 days in earlier drafts; labs pushed back out of concern that a longer window would leak release timing to competitors and function as a de facto delay mechanism.

AI Industry · Fortune

Anthropic closes $65B at a $965B valuation and files confidentially for an IPO

Analysis: Anthropic confirmed a $65 billion Series H on May 28 at a $965 billion post-money valuation, passing OpenAI's $852 billion round from March. The company then filed a confidential S-1 with the SEC, with an IPO possible as early as October. Run-rate revenue crossed $47 billion annualized in May, more than doubling from Q1 in a single quarter. The round was co-led by Altimeter, Sequoia, Greenoaks, and Dragoneer, with Samsung, SK Hynix, and Micron among participants, plus $15 billion in committed Amazon infrastructure investment. A $965 billion valuation requires revenue to sustain growth rates that very few software companies have held past the first two years of hypergrowth.

AI Agents · AAIF

MCP 2026-07 Release Candidate: stateless core, hardened auth, server-rendered UI

Analysis: The Model Context Protocol (MCP, the open standard for connecting AI agents to external tools and data) released its 2026-07 Release Candidate in May, with a final spec due July 28. The RC's core changes: a stateless protocol layer to replace the existing stateful model that struggled when agents fanned out across many simultaneous tool calls, an extensions framework for adding capabilities without forking the spec, MCP Apps for server-rendered UI sent directly to the client, and substantially hardened OAuth/OpenID Connect authorization after early 2026 security research flagged MCP servers as a primary attack surface. The MCP Dev Summit runs June 9-10 in Bengaluru.
