Implications for Windows
🎯 Opportunities
- Users want agents that actually DO things — not just chat
- Local-first resonates: privacy, control, no cloud dependency
- BYO model — any LLM (cloud or local) as long as it groks tool calling
- Integration with existing workflows matters (messaging, calendar, files)
- Skills pattern is powerful
  - Downloadable from community
  - Agent can generate its own
  - Windows could provide trusted base skills
  - MSIX packaging → tamper-proof, immutable by agent or any medium-IL app
  - Scanning service? (Defender, Azure)
- Linux/macOS have sandboxing primitives — Windows adding them could catch up or leapfrog
⚠️ Challenges
- Security model is unsolved — even experts are calling it a "nightmare"
- Prompt injection has no great defense yet
- Agent-to-agent coordination raises new threat models
- Users will run this stuff regardless of platform guidance
- Open source moves faster than platform vendors
How do we enable agentic workflows while keeping Windows secure?